Details
The Apache ‘Options’ directive allows for specific configuration of options, including execution of CGI, following symbolic links, server side includes, and content negotiation.
Refer to the Apache 2.2 documentation for details:
[http://httpd.apache.org/docs/2.2/mod/core.html#options](http://httpd.apache.org/docs/2.2/mod/core.html#options ).
Rationale:
The ‘Options’ directive for the root OS level is used to create a default minimal options policy that allows only the minimal options at the root directory level. Then for specific web sites or portions of the web site, options may be enabled as needed and appropriate. No options should be enabled and the value for the ‘Options’ directive should be ‘None’.
Solution
Perform the following to implement the recommended state:
Add or modify the following lines in the Apache configuration file at the server configuration level:
Order allow,deny
Deny from all
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Unix.