STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to APACHE 2.2 Server for UNIX Security Technical Implementation Guide

V-26327

CAT II (Medium)

The URL-path name must be set to the file path name or the directory path name.

Rule ID

SV-33229r1_rule

STIG

APACHE 2.2 Server for UNIX Security Technical Implementation Guide

Version

V1R11

CCIs

None

Discussion

The ScriptAlias directive controls which directories the Apache server "sees" as containing scripts. If the directive uses a URL-path name that is different than the actual file system path, the potential exists to expose the script source code.

Check Content

Enter the following command:

grep "ScriptAlias" /usr/local/apache2/conf/httpd.conf.  

If any enabled ScriptAlias directive do not have matching URL-path and file-path or directory-path entries, this is a finding.

Fix Text

Edit the httpd.conf file and set the ScriptAlias URL-path and file-path or directory-path entries.