Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: Apache 2.2.11 with SSL and PCI Compliance |
|
Author |
|
dodya_tn
Joined: 02 Feb 2009 Posts: 1 Location: Tennessee
|
Posted: Mon 02 Feb '09 18:10 Post subject: Apache 2.2.11 with SSL and PCI Compliance |
|
|
My organization is undergoing PCI compliance affirmation and I'm having a bit of a problem.
First thing, I downloaded the 2.2.11 with SSL from here and updated PHP to the latest as well.
Out of 3 vulnerability scans, the first and last scan reported FrontPage Extensions were found. We have NEVER had FrontPage Extensions installed on this Windows 2003 R2 server (but MS FTP is running - but it's accessible from a single internal IP only, i.e. the PCI scan cannot detect FTP service).
My question is this: How can I disable FrontPage when it was never installed?
From apache2handler section of phpinfo:
Apache Version: Apache/2.2.11 (Win32) PHP/5.2.8
Apache API Version: 20051115
Loaded Modules: core, mod_win32, mpm_winnt, http_core, mod_so, mod_include, mod_log_rotate, mod_php5, mod_actions, mod_alias, mod_asis, mod_auth_basic, mod_authn_default, mod_authn_file, mod_authz_default, mod_authz_groupfile, mod_authz_host, mod_authz_user, mod_autoindex, mod_dir, mod_env, mod_log_config, mod_mime, mod_negotiation, mod_setenvif, mod_rewrite |
|
Back to top |
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7373 Location: Germany, Next to Hamburg
|
Posted: Mon 02 Feb '09 18:51 Post subject: |
|
|
I think that the security scanner tells you a lie. The modules you load don't offer anything for Frontpage. |
|
Back to top |
|
|
|
|
|
|