{"description": "Set <tt>AllowOverride</tt> to <tt>none</tt> for each instant of\n<tt>&lt;Directory&gt;</tt>.", "rationale": "CGI scripts represents one of the most common and exploitable means of\ncompromising a web server. By definition, CGI are executable by the operating\nsystem of the host server. While access control is provided via the web service,\nthe execution of CGI programs is not otherwise limited unless the SA or Web\nManager takes specific measures. CGI programs can access and alter data files,\nlaunch other programs and use the network. CGI programs can be written in any\navailable programming language. C, PERL, PHP, Javascript, VBScript and shell\n(sh, ksh, bash) are popular choices.", "severity": "medium", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "it is not", "ocil": "To preclude access to the servers root directory, ensure the following\ndirective is in the <tt>httpd.conf</tt> file. This entry will also stop users\nfrom setting up <tt>.htaccess</tt> files which can override security features\nconfigured in <tt>/etc/httpd/conf/httpd.conf</tt>.\n<pre>AllowOverride none</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Ignore HTTPD .htaccess Files", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml", "template": null}