The Unix permissions for all directories specified by Alias directives should be configured appropriately. (1) permissions (1) via chmod 1.3.5 Apache Directory and File Permissions (Level 1, Scorable) The permission on the Apache directories should be rwxr-xr-x (755) and the file permissions should be similar except not executable if executable is not appropriate. Page 22-23 Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass CIS Security Configuration Benchmark For Apache Web Server 2.2 Version 3.1.0 June 11th, 2012 CIS 2008-06-11 Version 3.1.0 Prose (PDF) DISA STIG Apache SITE 2.2 for Unix Release: 1 Benchmark Date: 23 Nov 2011 DISA 2011-11-23 V1R1 Prose (PDF)