The latest insights from the load balancing experts | Loadbalancer.org
Why did my Loadbalancer just fail the PCI compliance test?

26 November 2013 / 1 min read / Web Application Firewall (WAF)

Let me first say that I'm not really a fan of PCI scanners. It's not so much that I'm against security scanners, but rather that scanning for vulnerabilities based only on the version number a package returns seems rather simplistic to me.

However, what should I do if my PCI scanner reports that the Apache version running the WebUI on my appliance is too old?

Well, first, to coin a phrase from "The Hitchhiker's Guide": DON'T PANIC!!

Our appliance is built on the widely used CentOS 6 platform, and Red Hat do an amazing job of backporting security and bug fixes into their older and more stable package base. A backported fix leaves the upstream version number unchanged, so a scanner that looks only at the version string will still flag the package. This means the chances are that any reported failures have been fixed already. It's also worth pointing out that we would never recommend that you use the appliance as your only firewall, and really the WebUI should not be accessible to the wider internet.

When a PCI scanner reports a failure, it will give you a CVE number. You can then use this number to check against various websites to learn more about the problem and in which version the problem is fixed. One such website is:
https://access.redhat.com/security/cve

Just select the relevant year and search for the CVE number in the filter box. To see Red Hat's response, select the "Red Hat Enterprise Linux version 6" errata.

Another option (V7.4+) is to check against the package changelog directly on the appliance itself:

rpm -q --changelog httpd |grep CVE-2011-3192

The above searches the changelog for any mention of CVE-2011-3192 and displays a result if found:

- add security fix for CVE-2011-3192 (#733063, #736592)

Should your scanner find anything that's not already patched, then please do contact support@loadbalancer.org to let us know. We can then look at either updating a package (if possible) or disabling a feature if it's not really required.
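
The changelog check above, extended to a whole list of scanner-reported CVE IDs, as an added example that is not part of the original post or Loadbalancer.org's own tooling. The function names, the constructed sample changelog and the placeholder IDs CVE-2099-0001 and CVE-2099-00015 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage scanner-reported CVE IDs against an RPM changelog.
# On the appliance, feed it the real changelog:
#   rpm -q --changelog httpd | triage_cves CVE-2011-3192

# Constructed changelog text so the script runs offline. Only the
# CVE-2011-3192 line comes from the post; the rest is made up, and
# CVE-2099-00015 is a placeholder ID, not a real CVE.
sample_changelog() {
    cat <<'EOF'
* Thu Jan 01 2099 Constructed Packager <pkg@example.invalid> - 0.0-2
- add security fix for CVE-2099-00015 (constructed entry)

* Wed Dec 31 2098 Constructed Packager <pkg@example.invalid> - 0.0-1
- add security fix for CVE-2011-3192 (#733063, #736592)
EOF
}

# triage_cves CVE...   (changelog text on stdin)
# Prints "<id> <status>" per ID. Returns 0 only if every ID is mentioned
# in the changelog; 1 means at least one ID needs manual follow-up.
triage_cves() {
    log=$(cat)
    missing=0
    for cve in "$@"; do
        if ! printf '%s\n' "$cve" | grep -Eq '^CVE-[0-9]{4}-[0-9]{4,}$'; then
            echo "$cve invalid-id"
            missing=1
            continue
        fi
        # -F matches the ID literally; -w requires a whole token, so
        # CVE-2099-0001 does not match inside CVE-2099-00015.
        if printf '%s\n' "$log" | grep -qwF -- "$cve"; then
            echo "$cve backported"
        else
            echo "$cve not-in-changelog"
            missing=1
        fi
    done
    return "$missing"
}

# Demo run against the constructed changelog.
sample_changelog | triage_cves CVE-2011-3192 CVE-2099-0001 ||
    echo "follow up on every ID not marked backported"
```

A non-zero exit status marks the IDs to look up on the Red Hat CVE pages or raise with support, as described above.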

Malcolm has already had a moan about PCI DSS on a previous blog post.

About the author

Aaron West

Coming from a background assisting companies large and small to get the most from open source solutions. Aaron found joining the support team at Loadbalancer.org a natural progression. Aaron’s interests include distro-hopping, B Movies and quality time spent with his family.
