Skip to content

Restrict Other Critical Directories

An XCCDF Rule

Description

All accessible web directories should be configured with similarly restrictive settings. The Options directive should be limited to necessary functionality and the AllowOverride directive should be used only if needed. The Order and Deny access control tags should be used to deny access by default, allowing access only where necessary.

Rationale

Directories accessible from a web client should be configured with the least amount of access possible in order to avoid unauthorized access to restricted content or server information.

ID
xccdf_org.ssgproject.content_rule_httpd_restrict_critical_directories
Severity
Unknown
Updated