PCI scan of IP address finds /webmail
When I provide the primary IP address on my server hosting my main website (where credit card transactions occur), the PCI scanner always flags:
https://xxx.xxx.xxx.xxx/webmail
as "Predictable Resource Location Via Forced Browsing"
They want confirmation that this URL cannot be used to expose sensitive information or attack/exploit the system.
An easier solution to avoid this flag altogether would be to simply disable this webmail address/form since it's not used anyway. My hosted accounts use their own accounts' webmail (hosted on a separate IP), but this IP's /webmail address does not get used and it's the only IP being scanned in this case.
Is there a way to disable or redirect just this one /webmail address so it just returns a 403 error or something? Or can I block the webmail port(s) on just the main IP address where they're flagging it without blocking webmail for hosted users on another IP?
Thanks!
If you use CSF, then you can add this to csf.deny:

tcp|in|d=2095,2096|d=xxx.xxx.xxx.xxx

and then:

csf -ra
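An added verification check (example code written for this page, not from the thread or from CSF): after applying the deny rule, probe the webmail ports from an outside host to confirm they no longer answer on the scanned IP while they still answer on the hosted-accounts IP. A csf.deny entry drops packets, so the correct result on the scanned IP shows as "filtered" (timeout) rather than "closed" (refused); the loopback listener and ports used in `main` are constructed so the script runs stand-alone.

```python
import socket

# Webmail ports named in the answer above (plain and TLS webmail).
WEBMAIL_PORTS = (2095, 2096)


def probe(host, port, timeout=3.0):
    """Classify a TCP port from the outside, the way a PCI scanner sees it.

    "open"      - handshake completed, a service is answering
    "closed"    - RST received: nothing listening and no firewall dropping
    "filtered"  - no reply within timeout: what a DROP rule (csf.deny) produces
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "unreachable"  # e.g. no route from this host


def verify_webmail_ports(scanned_ip, hosted_ip, ports=WEBMAIL_PORTS, timeout=3.0):
    """Return (ok, findings): ok is True only when every port is not open on the
    scanned IP and still open on the hosted IP; findings maps (ip, port) -> state."""
    findings, ok = {}, True
    for port in ports:
        findings[(scanned_ip, port)] = probe(scanned_ip, port, timeout)
        findings[(hosted_ip, port)] = probe(hosted_ip, port, timeout)
        if findings[(scanned_ip, port)] == "open":
            ok = False  # the scanner would still flag webmail here
        if findings[(hosted_ip, port)] != "open":
            ok = False  # the deny rule spilled over onto hosted users' webmail
    return ok, findings


def start_listener(host="127.0.0.1"):
    """Constructed stand-in for a webmail service: a listener on an ephemeral port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(16)
    return srv, srv.getsockname()[1]


def free_port(host="127.0.0.1"):
    """Pick a port with nothing listening, so a probe gets a clean 'closed'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, port = start_listener()
    print(probe("127.0.0.1", port), probe("127.0.0.1", free_port()))
    srv.close()
```

For a real rescan check, call `verify_webmail_ports("<scanned IP>", "<hosted IP>")` from a machine outside the server's own network.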
Awesome - thanks!