STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019:

The ability to override the access configuration for the OS root directory must be disabled.

DISA Rule

SV-33237r1_rule

Vulnerability Number

V-26393

Group Title

WA00547

Rule Version

WA00547 W22

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Add the following after the Directory directive:

AllowOverride None

Check Contents

Locate the Apache httpd.conf file.

Open the httpd.conf file with an editor such as notepad, and search for the following uncommented directive: Directory

For every root directory entry (i.e. <Directory />) ensure the following entry exists after it:

AllowOverride None

If the statement above is not found in the root directory statement, this is a finding. If Allow directives are included in the root directory statement, this is a finding. If the root directory statement is not found at all, this is a finding.

Vulnerability Number

V-26393

Documentable

False

Rule Version

WA00547 W22

Severity Override Guidance

Locate the Apache httpd.conf file.

Open the httpd.conf file with an editor such as notepad, and search for the following uncommented directive: Directory

For every root directory entry (i.e. <Directory />) ensure the following entry exists after it:

AllowOverride None

If the statement above is not found in the root directory statement, this is a finding. If Allow directives are included in the root directory statement, this is a finding. If the root directory statement is not found at all, this is a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158

Comments