STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019:

The FollowSymLinks setting must be disabled.

DISA Rule

SV-33001r1_rule

Vulnerability Number

V-13732

Group Title

WA000-WWA052

Rule Version

WA000-WWA052 W22

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Add a "-" to the FollowSymLinks setting, or set the options directive to None.

Check Contents

Locate the Apache httpd.conf file.

Open the httpd.conf file with an editor such as notepad, and search for the following uncommented directive: Options

Review all uncommented Options statements for the following value: -FollowSymLinks

If the value is found with an Options statement, and it does not have a preceding “-”, this is a finding.

Notes:
- If the value does NOT exist, this is a finding.
- If all enabled Options statement are set to None this is not a finding.

Vulnerability Number

V-13732

Documentable

False

Rule Version

WA000-WWA052 W22

Severity Override Guidance

Locate the Apache httpd.conf file.

Open the httpd.conf file with an editor such as notepad, and search for the following uncommented directive: Options

Review all uncommented Options statements for the following value: -FollowSymLinks

If the value is found with an Options statement, and it does not have a preceding “-”, this is a finding.

Notes:
- If the value does NOT exist, this is a finding.
- If all enabled Options statement are set to None this is not a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158

Comments