https://community.sophos.com/utm-firewall/f/general-discussion/142309/utm---redirection-via-arbitrary-host-header-manipulationHi, A customer of ours has had PCIDSS check done and failed, the report came back with the following but not sure what to do. They only have one website behind the firewall, exchange owa. Looking at the details, its referring to the UTM as the Hosten-USTelligent Community 12https://community.sophos.com/thread/530668?ContentTypeID=1Wed, 11 Oct 2023 20:46:24 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:8e700bc0-9263-4bf2-acd7-bfb27dcc16cfSGICT<p>So this turned out to be a tricky one with no real good outcome as the PCI DSS scan was being done by an external firm and no means to find out what tools they were using to detect this nor were they willing to help.</p> <p>This is from Sophos Tech Support so even they didnt know why the scan was picking it up because they remoted in and saw there were no WAF rules in place.</p> <p>In a nutshell, disabling WAF was the only way to stop the scan failing - if you are doing this please ensure you are not using WAF.</p> <p>So to do this</p> <p>SSH into the UTM</p> <p>Logon as loginuser</p> <p>su root</p> <p>cd.. <br />cd..<br />cd etc<br />cd init.d<br />/var/mdw/scripts/reverseproxy stop</p> <p>The command will only stop the service and it&#39;ll restart again when the UTM is next rebooted.</p><div style="clear:both;"></div>