STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to APACHE 2.2 Server for UNIX Security Technical Implementation Guide

V-13735

CAT II (Medium)

Directory indexing must be disabled on directories not containing index files.

Rule ID

SV-32755r1_rule

STIG

APACHE 2.2 Server for UNIX Security Technical Implementation Guide

Version

V1R11

CCIs

None

Discussion

Directory options directives are directives that can be applied to further restrict access to file and directories. If a URL which maps to a directory is requested, and there is no DirectoryIndex (e.g., index.html) in that directory, then mod_autoindex will return a formatted listing of the directory which is not acceptable.

Check Content

To view the Indexes value enter the following command: 

grep "Indexes" /usr/local/apache2/conf/httpd.conf. 

Review all uncommented Options statements for the following value: -Indexes 

If the value is found on the Options statement, and it does not have a preceding ‘-‘, this is a finding. 

Notes:
- If the value does NOT exist, this is a finding.
- If all enabled Options statement are set to None this is not a finding.

Fix Text

Edit the httpd.conf file and add an "-" to the Indexes setting, or set the options directive to None.