Restrict Other Critical Directories
An XCCDF Rule
Description
All accessible web directories should be configured with similarly restrictive settings.
The Options directive should be limited to necessary functionality and the AllowOverride
directive should be used only if needed. The Order and Deny access control tags
should be used to deny access by default, allowing access only where necessary.
Rationale
Directories accessible from a web client should be configured with the least amount of access possible in order to avoid unauthorized access to restricted content or server information.
- ID
- xccdf_org.ssgproject.content_rule_httpd_restrict_critical_directories
- Severity
- Unknown
- References
- Updated