The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Trustwave PCI Failure - mod_proxy

Discussion in 'Security' started by Serra, Jan 24, 2012.

  1. Serra

    Serra Well-Known Member

    Joined:
    Oct 27, 2005
    Messages:
    213
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Florida
    I just got dinged for running mod_proxy on a Apache 2.2.21 system, which apparently now is a PCI compliance issue.

    The suggested fix was to run Apache 2.2.21-dev. (As we all know, development or beta software is so much more secure than production/release software)

    I've asked for an exception, since running unreleased software is against my policy.
     
  2. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    If needed, you can run EasyApache and build without mod_proxy enabled. It is listed in EasyApache as Proxy (required for cPanel/WHM/Webmail/Webdisk proxy VirtualHost support). As noted, the only effect it will have on cPanel is to disable the proxy subdomains (whm.yourdomain.tld, cpanel.yourdomain.tld, and so on).
     
  3. Serra

    Serra Well-Known Member

    Joined:
    Oct 27, 2005
    Messages:
    213
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Florida
    We have already had to disable webdisk due to the lack of forced SSL support, so that isn't an issue. Now it appears that we will need to disable mod_proxy as well, Trustwave is not backing down on wanting us to install 2.2.21-dev. Sort of that they want us to disable mod_proxy.
     
Loading...

Share This Page