WA000-WWA058 A22 – Directory indexing must be disabled on directories not containing index files.

Details

Directory options directives are directives that can be applied to further restrict access to file and directories. If a URL which maps to a directory is requested, and there is no DirectoryIndex (e.g., index.html) in that directory, then mod_autoindex will return a formatted listing of the directory which is not acceptable.

Solution

Edit the httpd.conf file and add an ‘-‘ to the Indexes setting, or set the options directive to None.

Supportive Information

The following resource is also helpful.

https://iasecontent.disa.mil/stigs/zip/U_Apache_2-2_UNIX_V1R11_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-7b.
CAT|II
Rule-ID|SV-32755r1_rule
STIG-ID|WA000-WWA058_A22
Vuln-ID|V-13735

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles