Passing PCI Compliance

The Panel provides a ready-to-use template for Apache configuration that passes PCI compliance scans successfully. To use it, copy or move the template from the templates/pci_compliance directory to templates/custom and generate a new configuration.

The solution includes the following:

##
## Source: templates/pci_compliance/server/pci_compliance.php
##

# Disable TRACE
<?php if (!$VAR->server->webserver->apache->traceEnableCompliance): ?>
        TraceEnable off
<?php endif; ?>

# Set the ServerTokens directive
ServerTokens ProductOnly

# Use only the SSLv3 and TLSv1 protocols
SSLProtocol -ALL +SSLv3 +TLSv1

# Use only strong encryption methods in the SSL connection
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
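
An added example, not part of the Panel's template: a Python check that reads the directives listed above and reports the ones a scan would flag. PCI DSS has not accepted SSL and early TLS as strong cryptography since version 3.1, so the SSLProtocol line above is reported. The function names, the KNOWN and WEAK sets, the expansion of "all" and the single flat scope are assumptions of this example.

```python
KNOWN = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
WEAK = {"SSLv3", "TLSv1"}  # assumption: what this check treats as "SSL and early TLS"

def effective_protocols(args):
    """Apply mod_ssl's rule: +x adds, -x removes, a bare name replaces the set."""
    by_name = {p.lower(): p for p in KNOWN}
    enabled = set()
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        # Assumption: "all" expands to every name in KNOWN (it varies by build).
        group = set(KNOWN) if name.lower() == "all" else {by_name.get(name.lower(), name)}
        if sign == "+":
            enabled |= group
        elif sign == "-":
            enabled -= group
        else:
            enabled = set(group)
    return enabled

def audit(config):
    """Return a list of findings for the directives the template sets."""
    # Assumption: one flat scope, last occurrence wins, no VirtualHost merging.
    directives = {}
    for line in config.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "<")):  # comments, PHP and section tags
            continue
        name, *rest = line.split(None, 1)
        directives[name.lower()] = rest[0].strip() if rest else ""
    findings = []
    if directives.get("traceenable", "on").lower() != "off":
        findings.append("TraceEnable is not off")
    if directives.get("servertokens", "full").lower() not in ("prod", "productonly"):
        findings.append("ServerTokens discloses version details")
    weak = effective_protocols(directives.get("sslprotocol", "all")) & WEAK
    findings += ["SSLProtocol enables " + p for p in sorted(weak)]
    return findings

# Constructed sample: the directives listed on this page, PHP wrapper removed.
PAGE_TEMPLATE = """TraceEnable off
ServerTokens ProductOnly
SSLProtocol -ALL +SSLv3 +TLSv1
"""
# Constructed sample: the same directives with only TLS 1.2 and later enabled.
TLS12_ONLY = PAGE_TEMPLATE.replace("-ALL +SSLv3 +TLSv1", "all -SSLv3 -TLSv1 -TLSv1.1")

if __name__ == "__main__":
    for label, cfg in (("page template", PAGE_TEMPLATE), ("TLS 1.2+", TLS12_ONLY)):
        print(label, "->", audit(cfg) or "no findings")
```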