We have ePO (5.9.1) installed.
We are working on httpd.conf for V-92511 to make it to comply with SV-102599 for root directory directives.
In https://vaulted.io/library/disa-stigs-srgs/apache_server_24_windows_site_security_technical_implemen... it listed the following directives for r1 and r2
Deny from all
Require all denied
1) To update httpd.conf file, should we use directive(s) only for r2 (i.e. 'Require all denied') or the combination of r1 and r2? I think r2 only should be it but someone said we should use both and no hurt.
2) wha'ts the relationship between the directives of r1 and r2? Are they mutual exclusive or accumulative?
3) How to test if the change affects (or break) the ePO on the system? A detailed step-by-step test/verification guide will be very appreciated.
Solved! Go to Solution.
Also want to know - what does 'not supported' mean?
Is it that you can't change the directive(s) at all (otherwise it will break the functionality), or you can do whatever with the directives, the changes won't take effect (and the functionality still works as before)?