Paul Larson
Basic Pleskian
- Server operating system version: Ubuntu 22.04.4 LTS
- Plesk version and microupdate number: Plesk Obsidian Version 18.0.60
The dreaded PCI/Security scan from a client!
So often the findings or remediation requests seem confusing, like this one:
"HTTP service has been identified without SSL/TLS"
Web traffic to domains on my server will always redirect to https/443. But I guess I can't stop a scanner from testing my IP, port 80, while not serving an SSL/TLS certificate. (I thought the whole point of https was to utilize an SSL cert, thus I don't know the point of scanning port 80 in search of SSL/TLS.)
But the technology behind these protocols is always more complex than I assume.
So, is there a way to serve an SSL/TLS on port 80, or...force such traffic immediately to 443?
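An added example, not part of the original post: one way to check what a port 80 listener actually returns, both when asked by hostname and when asked by bare IP as a scanner would. The function name, result labels and sample responses (including `example.com` and the documentation address `203.0.113.10`) are constructed for illustration.

```python
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def classify_port80_response(raw: bytes) -> str:
    """Classify a raw HTTP/1.x response captured from a plaintext port 80 listener."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "malformed"
    status = int(parts[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    if status not in REDIRECT_CODES:
        return "no-redirect"            # something is answered in plaintext
    target = urlsplit(headers.get("location", ""))
    if target.scheme == "https" and target.netloc:
        return "redirects-to-https"     # absolute https:// target
    return "redirects-elsewhere"        # relative or http:// target stays on port 80

# Constructed sample responses (not captured from a real server).
SAMPLES = {
    # Request with Host: example.com, the vhost's redirect rule applies
    "by-hostname": b"HTTP/1.1 301 Moved Permanently\r\n"
                   b"Location: https://example.com/\r\n\r\n",
    # Request with Host: 203.0.113.10, a default vhost answers instead
    "by-ip": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
             b"<html>default page</html>",
    # Redirect that never leaves plaintext HTTP
    "relative": b"HTTP/1.1 302 Found\r\nLocation: /login\r\n\r\n",
}

def audit(samples: dict) -> dict:
    """Map each sample name to its classification."""
    return {name: classify_port80_response(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print(f"{name:12} {verdict}")
```
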