Apache HTTP server STIG rule

Question

I am new to setting up Apache HTTP and have to STIG the Apache HTTP 2.2 I have running. (http://iase.disa.mil/stigs/app-security/web-servers/Pages/index.aspx). For one of the rules it says the following

Edit the httpd.conf file and add one of the following to the enabled Options directive:

+IncludesNoExec
-IncludesNoExec
-Includes

Remove the ‘Includes’ or ‘+Includes’ setting from the options statement.

I went to the httpd.conf file. However I am confused on where I would put those lines. Does anyone have any insight into these Options directive and where to set them?

score 2 · Accepted Answer · answered Sep 02 '15 at 23:42

2

The directive must be given for the directories containing the shtml files (typically in a <Directory> section, but this directive is also valid in .htaccess files if AllowOverride Options is set).

answered Sep 02 '15 at 23:42

user5069652

81
4

Apache HTTP server STIG rule

1 Answers1