Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Lighttpd must have resource mappings set to disable the serving of certain file types.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-89265 | VRAU-LI-000195 | SV-99915r1_rule | Medium |
| Description |
|---|
| Resource mapping is the process of tying a particular file type to a process in Lighttpd that can serve that type of file to a requesting client and to identify which file types are not to be delivered to a client. Lighttpd provides the url.access-deny parameter to specify a blacklist of file types which should be denied. |
| STIG | Date |
|---|---|
| VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide | 2018-10-12 |
Details
| Check Text ( C-88957r2_chk ) |
|---|
| Obtain supporting documentation from the ISSO. Determine the file types (blacklist) that are deemed for denial. Note: Lighttpd provides the url.access-deny parameter to specify the blacklist of files. Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf file Navigate to the url.access-deny parameter. If url.access-deny parameter is not configured with the file types that are blacklisted, this is a finding. If url.access-deny parameter is not set properly, this is a finding. |
| Fix Text (F-96007r2_fix) |
|---|
| Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf file Navigate to the url.access-deny parameter. Configure the url.access-deny parameter with the file types that are blacklisted. |