Directory indexing must be disabled on directories not containing index files.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-13735	WA000-WWA058	WA000-WWA058 A22	SV-32755r1_rule	2019-01-07	1

Description
Directory options directives are directives that can be applied to further restrict access to file and directories. If a URL which maps to a directory is requested, and there is no DirectoryIndex (e.g., index.html) in that directory, then mod_autoindex will return a formatted listing of the directory which is not acceptable.

ℹ️ Check
To view the Indexes value enter the following command: grep "Indexes" /usr/local/apache2/conf/httpd.conf. Review all uncommented Options statements for the following value: -Indexes If the value is found on the Options statement, and it does not have a preceding ‘-‘, this is a finding. Notes: - If the value does NOT exist, this is a finding. - If all enabled Options statement are set to None this is not a finding.

ℹ️ Check

To view the Indexes value enter the following command: grep "Indexes" /usr/local/apache2/conf/httpd.conf. Review all uncommented Options statements for the following value: -Indexes If the value is found on the Options statement, and it does not have a preceding ‘-‘, this is a finding. Notes: - If the value does NOT exist, this is a finding. - If all enabled Options statement are set to None this is not a finding.

✔️ Fix
Edit the httpd.conf file and add an "-" to the Indexes setting, or set the options directive to None.