The URL-path name must be set to the file path name or the directory path name.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-26327 | WA00560 A22 | SV-33229r1_rule | - | medium |
| Description | ||||
| The ScriptAlias directive controls which directories the Apache server "sees" as containing scripts. If the directive uses a URL-path name that is different than the actual file system path, the potential exists to expose the script source code. | ||||
| STIG | Date | |||
| APACHE 2.2 Server for UNIX Security Technical Implementation Guide | 2019-01-07 | |||
Details
Check Text (C-33229r1_chk)
Enter the following command:
grep "ScriptAlias" /usr/local/apache2/conf/httpd.conf.
If any enabled ScriptAlias directive do not have matching URL-path and file-path or directory-path entries, this is a finding.
Fix Text (F-29427r1_fix)
Edit the httpd.conf file and set the ScriptAlias URL-path and file-path or directory-path entries.