The MultiViews directive must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-13734 | WA000-WWA056 A22 | SV-32754r1_rule | Medium |
| Description |
| STIG | Date |
| APACHE 2.2 Server for Windows Security Technical Implementation Guide | 2018-12-24 |
Details
| Check Text (C-33616r1_chk) |
| To view the MultiViews value enter the following command: grep "MultiView" /usr/local/apache2/conf/httpd.conf. Review all uncommented Options statements for the following value: -MultiViews If the value is found on the Options statement, and it does not have a preceding ‘-‘, this is a finding. Notes: - If the value does NOT exist, this is a finding. - If all enabled Options statement are set to None this is not a finding. |
| Fix Text (F-29247r1_fix) |
| Edit the httpd.conf file and add the "-" to the MultiViews setting, or set the options directive to None. |