WA00547 W22 - The ability to override the access configuration for the OS root directory must be disabled.

Information

The Apache OverRide directive allows for .htaccess files to be used to override much of the configuration, including authentication, handling of document types, auto generated indexes, access control, and options. When the server finds an .htaccess file (as specified by AccessFileName) it needs to know which directives declared in that file can override earlier access information. When this directive is set to None, then .htaccess files are completely ignored. In this case, the server will not even attempt to read .htaccess files in the file system. When this directive is set to All, then any directive which has the .htaccess Context is allowed in .htaccess files.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Add the following after the Directory directive:

AllowOverride None

See Also

https://iasecontent.disa.mil/stigs/zip/U_Apache_2-2_WIN_V1R13_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, Rule-ID|SV-33237r1_rule, STIG-ID|WA00547_W22, Vuln-ID|V-26393

Plugin: Windows

Control ID: 5bb07433503c56ddc9c24b63d09b453fcc2ebbaac0fa017861b851d6dc6d3e03