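I am trying to make my server PCI compliant. One of the last issues I need to fix is removing the INode from the Apache ETag header. So I defined this line in httpd.conf, "FileETag MTime Size", to return only the MTime and size.
Apache configuration settings for a specific port (PCI compliance)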
<Directory "/var/www/html">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
FileETag MTime Size
</Directory>
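This fix resolves the problem on the standard port 80.
Now, I also have a hosting control panel (ISPConfig3) running on port 8000. After running the PCI compliance test, I get this error: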
Apache ETag header discloses inode numbers
Severity: Potential Problem
CVE: CVE-2003-1418
Impact: A remote attacker could determine inode numbers on the server.
Resolution
Use the http://httpd.apache.org/docs/2.2/mod/core.html#FileETag FileETag directive to remove the INode component from the calculation of the ETag. For example, place the following line in the Apache configuration file to calculate the ETag based only on the file's modification time and size:
FileETag MTime Size
Vulnerability Details:
Service: 8000:TCP
I think I have to add something to httpd.conf so that FileETag is also applied to all applications running on port 8000.
Please advise what should be done.
Thanks! Kelvin
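
A way to check each port after changing the configuration, as an added example that is not part of the original post: it classifies ETag header values by the number of hex fields, since Apache 2.2 emits inode-size-mtime with the default setting and size-mtime with `FileETag MTime Size`. The function names and the sample header values are constructed for illustration, and the three-field test is a heuristic that assumes those two settings.

```python
import re

# Apache 2.2 builds a file ETag from hex fields joined by "-".
# Default (All): inode-size-mtime. FileETag MTime Size: size-mtime.
_HEX_FIELDS = re.compile(r'^[0-9a-f]+(?:-[0-9a-f]+)*$', re.IGNORECASE)

def etag_fields(header_value):
    """Return the hex fields of an ETag value, or None if it is not in Apache's file format."""
    value = header_value.strip()
    if value.startswith("W/"):           # weak validator prefix
        value = value[2:]
    value = value.strip('"')
    if value.endswith("-gzip"):          # suffix appended by mod_deflate
        value = value[:-len("-gzip")]
    if not _HEX_FIELDS.match(value):
        return None
    return value.split("-")

def discloses_inode(header_value):
    """Heuristic: three hex fields means the INode component is still present."""
    fields = etag_fields(header_value)
    return fields is not None and len(fields) == 3

def ports_still_leaking(observed):
    """observed maps port -> list of ETag header values seen on that port."""
    return sorted(port for port, etags in observed.items()
                  if any(discloses_inode(e) for e in etags))

# Constructed sample values, standing in for headers collected per port
# (for example with `curl -sI`); they are not taken from a real server.
SAMPLE = {
    80:   ['"1f4-4e8a5c2d3b100"', '"2c39-4e8a5c2d3b100-gzip"'],
    8000: ['"a1b2c-1f4-4e8a5c2d3b100"', 'W/"a1b2d-2c39-4e8a5c2d3b100"'],
}

if __name__ == "__main__":
    for port in ports_still_leaking(SAMPLE):
        print(f"port {port}: ETag still has three fields (INode present)")
```
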