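Apache configuration settings for a specific port (PCI compliance)

I am trying to make my server PCI compliant. One of the last issues I need to resolve is removing the INode from the Apache ETag header. So I defined this line in httpd.conf: "FileETag MTime Size", so that only MTime and Size are returned.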
<Directory "/var/www/html">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
FileETag MTime Size
</Directory>
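This fix resolved the issue on the standard port 80.
Now, I also have a hosting control panel (ISPConfig3) running on port 8000. After running the PCI compliance test, I get this error: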
Apache ETag header discloses inode numbers
Severity: Potential Problem
CVE: CVE-2003-1418
Impact: A remote attacker could determine inode numbers on the server.
Resolution
Use the http://httpd.apache.org/docs/2.2/mod/core.html#FileETag FileETag directive to remove the INode component from the calculation of the ETag. For example, place the following line in the Apache configuration file to calculate the ETag based only on the file's modification time and size:
FileETag MTime Size
Vulnerability Details:
Service: 8000:TCP
I think I have to add something to httpd.conf so that FileETag also applies to all applications running on port 8000.
Please advise what should be done.
Thanks! Kelvin
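A way to confirm per port whether a FileETag change took effect, as an added example that is not part of the original post: it classifies the ETag in raw response headers by field count. It assumes Apache 2.2's hyphen-separated hex ETag in inode-size-mtime order, and that each listener is either at the default (all three fields) or at the post's `FileETag MTime Size`; the sample responses and function names are constructed for illustration.

```python
import re

# Constructed sample responses (not captured from a real server).
SAMPLE_RESPONSES = {
    80: 'HTTP/1.1 200 OK\r\nServer: Apache\r\n'
        'ETag: "2c-3e94b66c2e680"\r\nContent-Length: 44\r\n\r\n',
    8000: 'HTTP/1.1 200 OK\r\nServer: Apache\r\n'
          'ETag: "10000000565a5-2c-3e94b66c2e680"\r\nContent-Length: 44\r\n\r\n',
}

HEX_FIELD = re.compile(r"^[0-9a-f]+$")


def extract_etag(raw_response):
    """Return the ETag header value from raw response headers, or None."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "etag":
            return value.strip()
    return None


def classify_etag(etag):
    """Return 'absent', 'inode-exposed', 'no-inode' or 'unrecognized'."""
    if etag is None:
        return "absent"
    value = etag[2:] if etag.startswith("W/") else etag  # weak validator
    value = value.strip('"')
    if value.endswith("-gzip"):  # suffix mod_deflate may append
        value = value[: -len("-gzip")]
    fields = value.split("-")
    if not all(HEX_FIELD.match(f) for f in fields):
        return "unrecognized"
    if len(fields) == 3:  # inode-size-mtime (assumed default layout)
        return "inode-exposed"
    if len(fields) == 2:  # size-mtime, as with FileETag MTime Size
        return "no-inode"
    return "unrecognized"


def audit(responses):
    """Map each port to the verdict for its response headers."""
    return {port: classify_etag(extract_etag(raw)) for port, raw in responses.items()}


if __name__ == "__main__":
    for port, verdict in sorted(audit(SAMPLE_RESPONSES).items()):
        print(port, verdict)
```

To check a live server, feed it the headers returned for a static file on each port in place of the constructed samples.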