Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Trustwave PCI Failure - mod_proxy

Discussion in 'Security' started by Serra, Jan 24, 2012.

  1. Serra

    Serra Well-Known Member

    Joined:
    Oct 27, 2005
    Messages:
    235
    Likes Received:
    9
    Trophy Points:
    168
    Location:
    Florida
    I just got dinged for running mod_proxy on a Apache 2.2.21 system, which apparently now is a PCI compliance issue.

    The suggested fix was to run Apache 2.2.21-dev. (As we all know, development or beta software is so much more secure than production/release software)

    I've asked for an exception, since running unreleased software is against my policy.
     
  2. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,840
    Likes Received:
    20
    Trophy Points:
    143
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    If needed, you can run EasyApache and build without mod_proxy enabled. It is listed in EasyApache as Proxy (required for cPanel/WHM/Webmail/Webdisk proxy VirtualHost support). As noted, the only effect it will have on cPanel is to disable the proxy subdomains (whm.yourdomain.tld, cpanel.yourdomain.tld, and so on).
     
  3. Serra

    Serra Well-Known Member

    Joined:
    Oct 27, 2005
    Messages:
    235
    Likes Received:
    9
    Trophy Points:
    168
    Location:
    Florida
    We have already had to disable webdisk due to the lack of forced SSL support, so that isn't an issue. Now it appears that we will need to disable mod_proxy as well, Trustwave is not backing down on wanting us to install 2.2.21-dev. Sort of that they want us to disable mod_proxy.
     
Loading...

Share This Page