Ensure Options for Other Directories Are Minimized
Details The Apache Options directive allows for specific configuration of options, including execution of CGI, following symbolic links, server side...
- Home
- Security Hardening
- CIS Apache HTTP Server 2.4 L1 V2.0.0
CIS Apache HTTP Server 2.4 L1 V2.0.0
Ensure Options for the OS Root Directory Are Restricted
Details The Apache Options directive allows for specific configuration of options, including execution of CGI, following symbolic links, server side...Ensure Options for the Web Root Directory Are Restricted
Details The Apache Options directive allows for specific configuration of options, including: Execution of CGI Following symbolic links Server side...Ensure OverRide Is Disabled for All Directories – AllowOverrideList
Details The Apache AllowOverride directive and the new AllowOverrideList directive allow for .htaccess files to be used to override much...Ensure OverRide Is Disabled for the OS Root Directory – AllowOverride None
Details The Apache AllowOverRide directive and the new AllowOverrideList directive allow for .htaccess files to be used to override much...Ensure OverRide Is Disabled for the OS Root Directory – exclude AllowOverrideList
Details The Apache AllowOverRide directive and the new AllowOverrideList directive allow for .htaccess files to be used to override much...Ensure Other Write Access on Apache Directories and Files Is Restricted
Details Permissions on Apache directories should generally be rwxr-xr-x (755) and file permissions should be similar except not executable unless...Ensure OverRide Is Disabled for All Directories – AllowOverride
Details The Apache AllowOverride directive and the new AllowOverrideList directive allow for .htaccess files to be used to override much...Ensure the Apache User Account Has an Invalid Shell
Details The apache account must not be used as a regular login account, and should be assigned an invalid or...Ensure the Apache User Account Is Locked
Details The user account under which Apache runs should not have a valid password, but should be locked. Rationale: As...