website Vulnerability report

I recently moved from TMG to Sophos UTM and I have published several websites through the firewall. My company gets scanned for PCI compliance and we just failed our most recent scan because the HTTP TRACE and/or TRACK methods are enabled on this web server. I can't find, for the life of me, a place to block this on the Sophos UTM. Any help would be appreciated.


This thread was automatically locked due to age.
  • It depends. You say published through the UTM. Are you using webserver protection of the UTM or simply forwarding the traffic to your webservers?

    If the first, then you have a misconfiguration. If the second, the issue is on your servers, not the UTM. You need to secure the webserver itself; that is not something the UTM can do in the second scenario.

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow
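
A re-test helper for the scan finding discussed above, added here as an example and not part of the original thread: it sends TRACE and TRACK to a server you administer and reports whether each method is rejected, accepted, or reflected back. The header name, marker value and function names are assumptions made for this example.

```python
import http.client
import sys

MARKER_HEADER = "X-Trace-Check"    # hypothetical header name, chosen for this example
MARKER_VALUE = "pci-retest-7f3a"   # constructed marker value

def assess(method, status, body):
    """Classify one response: was the method accepted, and was our request echoed?"""
    accepted = 200 <= status < 300
    echoed = MARKER_VALUE in body  # TRACE reflects the request, headers included
    if accepted and echoed:
        verdict = "ENABLED (request reflected)"
    elif accepted:
        verdict = "ACCEPTED (2xx without reflection, review manually)"
    else:
        verdict = "rejected"
    return {"method": method, "status": status, "verdict": verdict}

def probe(host, port=80, tls=False, timeout=5):
    """Send TRACE and TRACK to / on a server you administer and assess each reply."""
    results = []
    for method in ("TRACE", "TRACK"):
        cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
        conn = cls(host, port, timeout=timeout)
        try:
            conn.request(method, "/", headers={MARKER_HEADER: MARKER_VALUE})
            resp = conn.getresponse()
            body = resp.read(65536).decode("latin-1", "replace")
            results.append(assess(method, resp.status, body))
        except (OSError, http.client.HTTPException) as exc:
            # Connection reset or refused is also a "not served" outcome.
            results.append({"method": method, "status": None,
                            "verdict": f"no HTTP reply ({exc.__class__.__name__})"})
        finally:
            conn.close()
    return results

if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: trace_check.py HOST [PORT] [tls]")
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    for r in probe(sys.argv[1], port, tls="tls" in sys.argv[3:]):
        print(f"{r['method']:5} {r['status']} {r['verdict']}")
```

Running it once against the published address and once against the web server directly shows which layer is answering the request, which is the distinction the reply draws between webserver protection and plain forwarding.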