Configure Apache settings for PCI compliance

Tags: Apache, PCI compliance
For the past few weeks, I've been trying to make my server PCI compliant. I need to remove the INode from an Apache ETag header. So I made this change:
<Directory "/var/www/html">
    Options FollowSymLinks

    AllowOverride None

    Order allow,deny
    Allow from all

    FileETag MTime Size
</Directory>
But now I'm getting this error when doing a PCI compliance test:
Apache ETag header discloses inode numbers
Severity: Potential Problem
CVE: CVE-2003-1418
Impact: A remote attacker could determine inode numbers on the server.
Resolution: Use the FileETag directive (http://httpd.apache.org/docs/2.2/mod/core.html#FileETag) to remove the INode component from the calculation of the ETag. For example, place the following line in the Apache configuration file to calculate the ETag based only on the file's modification time and size:
    FileETag MTime Size
Vulnerability Details: Service: 8000:TCP
What should I do here?
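The scan finding above names the service on 8000/TCP, so one useful check is to compare the ETag each listener actually returns. The following is an added example, not part of the original question: it classifies an ETag from saved response headers, assuming the Apache 2.2 layout of hex fields in the order inode-size-mtime. The sample headers and the function names are constructed for illustration.

```python
import re

# Assumption: Apache 2.2 file ETags are hex fields joined by "-", in the order
# inode-size-mtime; FileETag controls which of the three fields are emitted.
ETAG_RE = re.compile(r'^(?:W/)?"([0-9a-f]+(?:-[0-9a-f]+)*)"$', re.I)

def etag_fields(header_block):
    """Return the ETag's hex fields, [] if not in Apache form, None if no ETag."""
    for line in header_block.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() == "etag":
            m = ETAG_RE.match(value.strip())
            return m.group(1).split("-") if m else []
    return None

def classify(header_block):
    """Heuristic: three fields means the default 'INode MTime Size' is active."""
    fields = etag_fields(header_block)
    if fields is None:
        return "no-etag"
    if len(fields) == 3:
        return "inode-exposed"
    if len(fields) == 2:
        return "mtime-size-only"  # consistent with 'FileETag MTime Size'
    return "unrecognized"

def leaked_inode(header_block):
    """Decode the inode number a three-field ETag discloses, else None."""
    fields = etag_fields(header_block)
    return int(fields[0], 16) if fields and len(fields) == 3 else None

# Constructed sample responses: one listener with the directive applied,
# one (port 8000, as in the scan finding) still using the default.
SAMPLE_80 = 'HTTP/1.1 200 OK\r\nServer: Apache\r\nETag: "1f4-4a7d3e2b1c000"\r\n'
SAMPLE_8000 = 'HTTP/1.1 200 OK\r\nServer: Apache\r\nETag: "2c3b1-1f4-4a7d3e2b1c000"\r\n'

def check_listeners(samples):
    """Map each listener label to its classification."""
    return {label: classify(headers) for label, headers in samples.items()}

if __name__ == "__main__":
    for label, verdict in check_listeners({"80": SAMPLE_80, "8000": SAMPLE_8000}).items():
        print(f"port {label}: {verdict}")
    print("inode disclosed on 8000:", leaked_inode(SAMPLE_8000))
```

A listener that still reports `inode-exposed` is being served by configuration the `FileETag MTime Size` line does not reach; real header blocks can be saved with `curl -sI` against each port and passed to `classify`.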