Nginx and PCI Compliance
Jan 17, 2021
Based on my experience with Nginx and PCI compliance scans, there are a few things you need to set up to make sure the server passes the PCI compliance scan:
1. Disable TLSv1 (this step does not apply if you’re using the latest Nginx version, 1.19.3)
Follow my guide here if you need to do that: https://medium.com/zurassic/how-to-completely-disable-tls-v1-from-nginx-99f6e2862cb8
2. Disable server tokens
vi /etc/nginx/nginx.conf
# add the following line in the http section
server_tokens off;
This hides the Nginx version number on error pages such as the 404 page and in the Server header you see in a curl result. Note that it will still reveal that you’re running Nginx, just not which version.