STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to APACHE 2.2 Site for UNIX Security Technical Implementation Guide

V-2258

CAT I (High)

Web client access to the content directories must be restricted to read and execute.

Rule ID

SV-33027r2_rule

STIG

APACHE 2.2 Site for UNIX Security Technical Implementation Guide

Version

V1R11

CCIs

None

Discussion

Excessive permissions for the anonymous web user account are one of the most common faults contributing to the compromise of a web server. If this user is able to upload and execute files on the web server, the organization or owner of the server will no longer have control of the asset.

Check Content

To view the value of Alias enter the following command: 

grep "Alias" /usr/local/apache2/conf/httpd.conf 

Alias
ScriptAlias
ScriptAliasMatch

Review the results to determine the location of the files listed above. 

Enter the following command to determine the permissions of the above file: 

ls -Ll /file-path

The only accounts listed should be the web administrator, developers, and the account assigned to run the apache server service. 

If accounts that don’t need access to these directories are listed, this is a finding. 

If the permissions assigned to the account for the Apache web server service, or any group to which the Apache web server service belongs, is greater than Read & Execute (R_E), this is a finding.

Fix Text

Assign the appropriate permissions to the applicable directories and files using the chmod command.