• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Changing Apache FileETag for PCI Compliance

D

DickenW

New Pleskian
My Plesk server is currently failing PCI scans:

"Description: Apache ETag header discloses inode numbers Severity: Potential Problem CVE: CVE-2003-1418 Impact: A remote attacker could determine inode numbers on the server."

I have added the following line to '/etc/httpd/conf/httpd.conf':

FileETag MTime Size

I have added it twice - in the main body of the file, and also inside the primary <Directory> directive, as I was not sure where to place it.

But, Apache is still failing the PCI scans for disclosing inode numbers.

And yes, I restarted apache ;)

Any ideas what else I have to change to get this to work?
(Plesk 10.3.1 CentOs)
 
Add this to a file within /etc/httpd/conf.d/ (assuming you're on Centos) :

Header unset ETag
FileETag MTime Size

Then restart Apache (and make sure you're not declaring something different in your .htaccess files!)
 
You must log in or register to reply here.

Similar threads

P
Issue Can kernel be updated in Centos without breaking Plesk.
Replies
2
Views
1K
Bitpalast
Bitpalast
O
Question Plesk Admin Panel - Internal IP address Revealed on port 8443 (PCI Compliance Issue)
Replies
0
Views
1K
OWEUX LLC
O
Edi Duluman
Resolved How to fix the TLS Poodle PCI Compliance issue
Replies
2
Views
2K
Edi Duluman
Edi Duluman
V
Google PageSpeed Insights – How to optimize your site to rank higher
Replies
1
Views
4K
Andrew Roy
Andrew Roy
V
Varnish for WordPress in a Docker container
Replies
5
Views
5K
Laurence@
Laurence@
Back
Top