Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 1 subscriber
  • Views 9393 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

website Vulnerability report

mcnjr
I recently moved from TMG to sophos UTM and I have published several websites through the firewall. My company gets scans PCI compliance and we just failed our most recent scan because The HTTP TRACE and/or TRACK methods are enabled on this web server. I can't find for the life of me, a place to block this on the sophos UTM. Any help would be appreciated.


This thread was automatically locked due to age.
Parents
  • 0
    I ended up doing the same thing, adding the traceenable off to the httpd.conf file. You can restart the reverse proxy by using this command /var/mdw/scripts/reverseproxy restart

    After adding the traceenable off to the httpd.conf file, I ran the pci scan and passed. I also opened a dispute with the company that runs our pci scan since apache claims having trace enabled is not a security vulnerability but I don't imagine that much will come of it.
Reply
  • 0
    I ended up doing the same thing, adding the traceenable off to the httpd.conf file. You can restart the reverse proxy by using this command /var/mdw/scripts/reverseproxy restart

    After adding the traceenable off to the httpd.conf file, I ran the pci scan and passed. I also opened a dispute with the company that runs our pci scan since apache claims having trace enabled is not a security vulnerability but I don't imagine that much will come of it.
Children
No Data
Unfiltered HTML