Facebook
Twitter
My Plesk server is currently failing PCI scans:
"Description: Apache ETag header discloses inode numbers Severity: Potential Problem CVE: CVE-2003-1418 Impact: A remote attacker could determine inode numbers on the server."
I have added the following line to '/etc/httpd/conf/httpd.conf':
FileETag MTime Size
I have added it twice - in the main body of the file, and also inside the primary <Directory> directive, as I was not sure where to place it.
But, Apache is still failing the PCI scans for disclosing inode numbers.
And yes, I restarted apache
Any ideas what else I have to change to get this to work?
(Plesk 10.3.1 CentOs)
"Description: Apache ETag header discloses inode numbers Severity: Potential Problem CVE: CVE-2003-1418 Impact: A remote attacker could determine inode numbers on the server."
I have added the following line to '/etc/httpd/conf/httpd.conf':
FileETag MTime Size
I have added it twice - in the main body of the file, and also inside the primary <Directory> directive, as I was not sure where to place it.
But, Apache is still failing the PCI scans for disclosing inode numbers.
And yes, I restarted apache
Any ideas what else I have to change to get this to work?
(Plesk 10.3.1 CentOs)
