4
Kaji
127d

PCI DSS scan came back saying that WebDAV extensions need to be disabled. Kind of surprised, since I have other servers I’ve configured to standard and I can’t find anything in my notes about it.

In either case, been searching for info on how to fix it for 2 days and turned up nothing useful. Report found it on ports 80 and 443, so a firewall fix seems out here.

Running Plesk 17.5.3 on CentOS 7. Anyone have any pointers on how to get the job done?

Comments
  • 1
    Notes for Arch, I don’t know if CentOS will use the same modules https://wiki.archlinux.org/index.ph...

    Can you connect or is it just listening?
  • 1
    @bkwilliams Skimming it, looks like we may have a winner! Heading home now, but I’ll try it when I get back and let you know how it turns out.

    Thanks!
  • 1
    @bkwilliams OK, we've made a bit of headway, but still not there. The link gave me some stuff to think about, and through testing and such I managed to track down https://unix.stackexchange.com/ques... , which provided further insights on where things should be, but `httpd -M | grep fs` still shows the module as active, even though it doesn't appear in any .conf or .inc file I've seen in any directory.

    That said, I did find where I could disable file sharing in Plesk, so I've done that, and am thinking it might be worth a rescan at this point to see if that was sufficient.
  • 0
    @Kaji yay distributed workload!
    Glad to help.
Your Job Suck?
Get a Better Job
Add Comment