Saturday, 05 May 2012

cPanel Blog: How to force secure login to _private folder? May, 2012

During my latest PCI Compliance scan, one vulnerability that came up was that "web application transmits login credentials without encryption". The two examples it gave were:

http://www.domain.com/_private/
http://0.0.0.0/_private/

In WHM, I have the following security settings in place:

Require SSL: On
Enable HTTP Authentication: Off

I tried to use the following code in the .htaccess file in the _private folder, but it did not work:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} _private
RewriteRule ^(.*)$ https://www.domain.com/_private/$1 [R,L]

Can anyone tell me how to force SSL when accessing the _private folder from a browser?
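A check for the scan finding described above, added here as an example and not part of the original post: it classifies the response a server gives to a plaintext request for the protected path, so a change to the .htaccess can be verified before the next scan. The host and path are the ones from the post; the function names are hypothetical and the sample responses are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample response heads (not captured from a real server).
CHALLENGE = 'HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm="private"\r\n\r\n'
REDIRECT = "HTTP/1.1 302 Found\r\nLocation: https://www.domain.com/_private/\r\n\r\n"
RELATIVE = "HTTP/1.1 302 Found\r\nLocation: /_private/index.htm\r\n\r\n"
SERVED = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

def parse_head(raw):
    """Split a raw HTTP response head into (status code, lower-cased headers)."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # end of the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def classify_plaintext_response(raw, host, path):
    """Verdict for the response to http://<host><path>."""
    status, headers = parse_head(raw)
    if status == 401 and "www-authenticate" in headers:
        # The browser prompts and resends the credentials to the same http:// URL.
        return "FAIL: auth challenge over HTTP"
    if status in (301, 302, 303, 307, 308):
        target = urlsplit(headers.get("location", ""))
        if target.scheme != "https":
            # Includes relative Location values, which stay on http://.
            return "FAIL: redirect is not to https"
        if target.hostname != host:
            return "WARN: https redirect to a different host"
        if not target.path.startswith(path):
            return "WARN: https redirect leaves the protected path"
        return "PASS: redirected to https before any challenge"
    if status == 403:
        return "PASS: plaintext access refused"
    if 200 <= status < 300:
        return "FAIL: content served over HTTP"
    return "REVIEW: unexpected status %d" % status

if __name__ == "__main__":
    for name, raw in [("challenge", CHALLENGE), ("redirect", REDIRECT),
                      ("relative", RELATIVE), ("served", SERVED)]:
        print(name, "->", classify_plaintext_response(raw, "www.domain.com", "/_private/"))
```

Run it against the response head returned for each URL the scan listed, including the request made by IP address.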