pci compliance help

Discussion in 'General Discussion' started by EWD, Mar 28, 2008.

  1. EWD

    Hi Guys.

    For PCI compliance I need to disable TRACK and TRACE.
    I used to be able to do this by adding the following to httpd.conf:
    Code:
    RewriteEngine On 
    RewriteCond %{REQUEST_METHOD} ^TRACE 
    RewriteRule .* - [F] 
    RewriteCond %{REQUEST_METHOD} ^TRACK
    RewriteRule .* - [F]
    Since EA3 this no longer works. I have tried it in the main httpd.conf as well as the includes and no luck.
    Has anyone been able to get these disabled lately?

    Thanks in advance for any help.
     
  2. rpmws

    How about in a .htaccess file in the root of one of the sites? Just for the hell of it??
     
  3. EWD

    Hi,

    Yes, that would help for one site. We need it to be server-wide.

    I have found that the code above does not work for trace anymore for whatever reason.
    Instead you need to add TraceEnable Off to httpd.conf

    So what I did was edit /usr/local/apache/conf/includes/pre_main_global.conf and add:
    Code:
    <Directory "/">
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^TRACK
    RewriteRule .* - [F]
    </Directory>
    Also added TraceEnable Off to httpd.conf and that seems to have done the trick.

    Thanks for the help and I hope this info helps someone else looking for the same. ;)
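
A way to confirm the result described in the post above, added here as an example and not code from the thread: it sends TRACE and TRACK to your server and reports whether each is refused (405 is what `TraceEnable Off` returns, 403 is what `RewriteRule .* - [F]` returns). The `X-Probe` header, its marker value, the script name and the function names are assumptions made for this example.

```python
# Added example (not from the thread): check that TRACE and TRACK are refused.
import http.client
import sys

MARKER = "pci-check-7f3a"  # constructed value; sent in a hypothetical X-Probe header

def classify(status, content_type, body, marker=MARKER):
    """Classify one response to a TRACE/TRACK probe.

    'echoed'  - 2xx and the request was reflected (message/http body or marker seen)
    'allowed' - answered below 400 without reflecting the request
    'blocked' - refused, e.g. 405 from TraceEnable Off or 403 from RewriteRule [F]
    """
    ctype = (content_type or "").lower()
    if 200 <= status < 300 and (ctype.startswith("message/http") or marker in body):
        return "echoed"
    return "allowed" if status < 400 else "blocked"

def probe(host, method, port=80, path="/", timeout=5):
    """Send one request with the given method and classify the reply."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request(method, path, headers={"X-Probe": MARKER})
        resp = conn.getresponse()
        body = resp.read(4096).decode("latin-1")
        return classify(resp.status, resp.getheader("Content-Type"), body)
    finally:
        conn.close()

def audit(host, port=80, probe_fn=probe):
    """Return ({method: verdict}, passed) for the two methods the scanner flags."""
    results = {m: probe_fn(host, m, port) for m in ("TRACE", "TRACK")}
    return results, all(v == "blocked" for v in results.values())

SAMPLES = [  # constructed responses: (status, Content-Type, body)
    (200, "message/http", "TRACE / HTTP/1.1\r\nX-Probe: " + MARKER + "\r\n"),
    (405, "text/html", "Method Not Allowed"),
    (403, "text/html", "Forbidden"),
]

if __name__ == "__main__":
    if len(sys.argv) > 1:  # live check: python check_methods.py <host>
        print(audit(sys.argv[1]))
    else:  # offline: classify the constructed samples
        for sample in SAMPLES:
            print(sample[0], classify(*sample))
```

For a TLS virtual host, use `http.client.HTTPSConnection` on port 443 in `probe`; a server-wide setting should give the same verdict on every vhost.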
     
  4. robb3369

    mod_security

    This can also be addressed via mod_security (installed via Easy Apache) with the default configuration:

    Code:
    # allowed request methods
    SecRule REQUEST_METHOD "!^(?:GET|POST|OPTIONS|HEAD)$" \
        "phase:1,log,auditlog,msg:'Method is not allowed by policy', severity:'2',id:'960032'"
     
  5. MaraBlue

    They (the PCI Compliance scanners) will ding you for having an .htaccess.
     