
Date:  Wed, 5 Nov 2008 12:27:54 -0800
From:  "Ken Marcus - Precision Web Hosting, Inc." <kenmarcus (at mark) precisionweb.net>
Subject:  [coba-e:14285] Re: Trace|Track and PCI scanning
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <E3802FF52239413B86529D4F56E1DB69@OfficeKen>
References:  <200810281951.m9SJow8k013772 (at mark) bugs.northernweb.net>
X-Mail-Count: 14285


From: "Bill Berg" <billberg (at mark) northernweb.net>

> Has anybody achieved PCI compliance with a Centos/BQ server?
> If so, what am I missing?
>


> Trying to get PCI compliant, and we are told to disable trace and track.
>
> I find that I should put this code in the main section of httpd.conf:
>
> RewriteEngine on
> RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
> RewriteRule .* - [F]
>
> And then add it again in each virtual host that we need to block.
>
> <VirtualHost>
> RewriteEngine on
> RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
> RewriteRule .* - [F]
> </VirtualHost>
>
>
> When I add it to the main file, no problem. I add it to the Virtualhost and
> I get this when I try to bring up the site in a browser:
>
> Firefox has detected that the server is redirecting the request for this
> address in a way that will never complete.
>
> I'm guessing that it has something to do with the other Rewrite directives
> already in that VirtualHost. It now looks something like this:
>
> RewriteEngine on
> RewriteCond %{HTTP_HOST}                !^IPADDRESS(:80)?$
> RewriteCond %{HTTP_HOST}                !^www.domain.com(:80)?$ [NC]
> RewriteRule ^/(.*)                      http://www.domain.com/$1 [L,R]
> RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
> RewriteRule .* - [F]
> RewriteOptions inherit
>
>
> Am I putting the directives in the wrong order, or should I eliminate
> something else?
>
> Bill Berg
> Northern Webworks
> 715-627-0400 or 1-866-572-1333
>


Bill

You can check your servers using:
http://web-sniffer.net

Check the site, and also check the first site on the server (the one that is 
displayed when you type in the IP address).

I add the lines below to each include file.
E.g.
/etc/httpd/conf/vhosts/site18.include



RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]




----
Ken Marcus
Ecommerce Web Hosting by
Precision Web Hosting, Inc.
http://www.precisionweb.net
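
Added example, not part of the original message or of BlueQuartz: a small offline audit that reports which per-site include files lack the TRACE/TRACK block discussed above. The file names and contents in SAMPLE_INCLUDES are constructed, and the function names are hypothetical; the check is deliberately strict and only accepts a [F] rule whose conditions are all REQUEST_METHOD tests matching both methods.

```python
import re

# Constructed sample include contents (not taken from the thread).
SAMPLE_INCLUDES = {
    "site18.include": "RewriteEngine on\n"
                      "RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)\n"
                      "RewriteRule .* - [F]\n",
    "site19.include": "RewriteEngine on\n"
                      "RewriteCond %{HTTP_HOST} !^www.example.com(:80)?$ [NC]\n"
                      "RewriteRule ^/(.*) http://www.example.com/$1 [L,R]\n",
    "site20.include": "# RewriteEngine is never switched on here\n"
                      "RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)\n"
                      "RewriteRule .* - [F]\n",
}

def blocks_trace_track(conf_text):
    """True if the text turns the rewrite engine on and contains a [F] rule
    whose conditions are all REQUEST_METHOD tests matching TRACE and TRACK."""
    engine_on = False
    found = False
    pending = []  # RewriteCond entries waiting for the next RewriteRule
    for raw in conf_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "rewriteengine" and len(parts) > 1:
            engine_on = parts[1].lower() == "on"
        elif directive == "rewritecond" and len(parts) >= 3:
            pending.append((parts[1], parts[2]))
        elif directive == "rewriterule":
            flags = parts[3].strip("[]").split(",") if len(parts) > 3 else []
            forbids = any(f.strip().upper() in ("F", "FORBIDDEN") for f in flags)
            if forbids and pending and all(
                    var.upper() == "%{REQUEST_METHOD}"
                    and all(re.search(pat, m) for m in ("TRACE", "TRACK"))
                    for var, pat in pending):
                found = True
            pending = []  # conditions apply only to the rule that follows them
    return engine_on and found

def audit(includes):
    """Return the sorted names of include files that lack the block."""
    return sorted(n for n, t in includes.items() if not blocks_trace_track(t))

if __name__ == "__main__":
    for name in audit(SAMPLE_INCLUDES):
        print("missing TRACE/TRACK block:", name)
```

To audit a real server, build the dictionary from the files under /etc/httpd/conf/vhosts/ instead of SAMPLE_INCLUDES, then confirm the result with a live request as described in the message.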