Disable URL Correction on Misspelled Entries
An XCCDF Rule
Description
The speling module attempts to find a document match by allowing one misspelling in an
otherwise failed request. If this functionality is unnecessary, comment out the module:
#LoadModule speling_module modules/mod_speling.soThis functionality weakens server security by making site enumeration easier.
Rationale
Minimizing the number of loadable modules available to the web server reduces risk by limiting the capabilities allowed by the web server.
- ID
- xccdf_org.ssgproject.content_rule_httpd_url_correction
- Severity
- Unknown
- References
- Updated