
Directory indexing must be disabled on directories not containing index files.


Overview

Finding ID: V-13735
Version: WA000-WWA058 W22
Rule ID: SV-33006r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Directory Options directives can be applied to further restrict access to files and directories. If a URL that maps to a directory is requested and there is no DirectoryIndex file (e.g., index.html) in that directory, mod_autoindex will return a formatted listing of the directory, which is not acceptable.
STIG: APACHE SERVER 2.2 for Windows
Date: 2017-07-05

Details

Check Text (C-33681r1_chk)
Locate the Apache httpd.conf file.

Open the httpd.conf file with an editor such as notepad, and search for the following uncommented directive: Options

Review all uncommented Options statements for the following value: -Indexes

If the Indexes value is found on an Options statement and it does not have a preceding “-”, this is a finding. If the value does not exist, this is a finding unless the enabled Options statement is set to “None”.
Fix Text (F-29307r1_fix)
Add a "-" to the Indexes setting, or set the options directive to None.
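
The Check Text review above can be automated. The following is an added example, not part of the STIG: the function name, the sample configuration and its paths are constructed for illustration. It assumes a single httpd.conf and does not follow Include files or backslash line continuations.

```python
import re

# An uncommented Options directive (Apache directive names are case-insensitive).
OPTIONS_RE = re.compile(r"^Options\s+(.*)$", re.IGNORECASE)

def check_options(conf_text):
    """Return (line_no, line, reason) for every Options statement that is a finding."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):          # commented-out directives are not reviewed
            continue
        m = OPTIONS_RE.match(line)
        if not m:
            continue
        tokens = [t.lower() for t in m.group(1).split()]
        if "indexes" in tokens or "+indexes" in tokens:
            findings.append((no, line, "Indexes present without a preceding '-'"))
        elif "-indexes" in tokens or tokens == ["none"]:
            continue                      # explicitly disabled, or Options None
        else:
            findings.append((no, line, "no -Indexes and Options is not None"))
    return findings

# Constructed sample configuration (hypothetical paths).
SAMPLE = """\
# Options Indexes FollowSymLinks
<Directory "C:/Apache2.2/htdocs">
    Options Indexes FollowSymLinks
</Directory>
<Directory "C:/Apache2.2/htdocs/app">
    Options -Indexes +FollowSymLinks
</Directory>
<Directory "C:/Apache2.2/cgi-bin">
    Options None
</Directory>
<Directory "C:/Apache2.2/htdocs/docs">
    Options FollowSymLinks
</Directory>
"""

if __name__ == "__main__":
    for no, line, reason in check_options(SAMPLE):
        print(f"FINDING line {no}: {line!r} ({reason})")
```

Under the check's wording, the last Options statement in the sample is a finding even though it never enables Indexes, because it neither carries -Indexes nor is set to None.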