• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Changing Apache FileETag for PCI Compliance

D

DickenW

New Pleskian
My Plesk server is currently failing PCI scans:

"Description: Apache ETag header discloses inode numbers Severity: Potential Problem CVE: CVE-2003-1418 Impact: A remote attacker could determine inode numbers on the server."

I have added the following line to '/etc/httpd/conf/httpd.conf':

FileETag MTime Size

I have added it twice - in the main body of the file, and also inside the primary <Directory> directive, as I was not sure where to place it.

But, Apache is still failing the PCI scans for disclosing inode numbers.

And yes, I restarted apache ;)

Any ideas what else I have to change to get this to work?
(Plesk 10.3.1 CentOs)
 
Add this to a file within /etc/httpd/conf.d/ (assuming you're on Centos) :

Header unset ETag
FileETag MTime Size

Then restart Apache (and make sure you're not declaring something different in your .htaccess files!)
 
You must log in or register to reply here.

Similar threads

P
Issue Can kernel be updated in Centos without breaking Plesk.
Replies
2
Views
2K
Bitpalast
Bitpalast
O
Question Plesk Admin Panel - Internal IP address Revealed on port 8443 (PCI Compliance Issue)
Replies
0
Views
2K
OWEUX LLC
O
Edi Duluman
Resolved How to fix the TLS Poodle PCI Compliance issue
Replies
2
Views
2K
Edi Duluman
Edi Duluman
V
Google PageSpeed Insights – How to optimize your site to rank higher
Replies
1
Views
5K
Andrew Roy
Andrew Roy
V
Varnish for WordPress in a Docker container
Replies
5
Views
6K
Laurence@
Laurence@
Back
Top