5.1 Ensure Options for the OS Root Directory Are Restricted

Information

The Apache 'Options' directive allows for specific configuration of options, including execution of CGI, following symbolic links, server side includes, and content negotiation.

Refer to the Apache 2.2 documentation for details:
[http://httpd.apache.org/docs/2.2/mod/core.html#options](http://httpd.apache.org/docs/2.2/mod/core.html#options ).

Rationale:

The 'Options' directive for the root OS level is used to create a default minimal options policy that allows only the minimal options at the root directory level. Then for specific web sites or portions of the web site, options may be enabled as needed and appropriate. No options should be enabled and the value for the 'Options' directive should be 'None'.

Solution

Perform the following to implement the recommended state:

Add or modify the following lines in the Apache configuration file at the server configuration level:

Order allow,deny
Deny from all

See Also

https://workbench.cisecurity.org/files/2378

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-9, CSCv6|18.3, CSCv7|18.2

Plugin: Unix

Control ID: 249202510d536fe4b54f417580b582d2b8652c71abc9e120eb36555a22b3f897