zurassic
Published in

zurassic

Andrew Zheng

Jan 17, 2021

1 min read

Nginx and PCI Compliance

Based my experience with Nginx and PCI compliance scan, there are few things you need to setup to make sure it passes the PCI compliance:

  1. Disable TLSv1 (this is not valid is you’re using latest Nginx version 1.19.3)

Follow my guide here if you need to do that: https://medium.com/zurassic/how-to-completely-disable-tls-v1-from-nginx-99f6e2862cb8

2. Disable Server Token

This will hide your Nginx version in 404 page or curl result. Note it’ll still tell you’re using Nginx.

Nginx
Pci Compliance
Security Scanning
Digitalocean

--

--

More from zurassic

Evolving, in a world with software and design

Read more from zurassic

Recommended from Medium

Tiger Collins

Wherefore Art Thou: Post-Mortem

Ewele Val-Okenyi

Continuous Integration, Continuous Delivery, And Continuous Deployment (CI/CD)

jogetworkflow

10 Misconceptions About Rapid Application Development You Need to Do Away With

Sneha Mahajan

LeetCode 700- Search in a Binary Search Tree

Aasavari Kaley

in

Level Up Coding

Google Data Studio in 6 steps — Beginners Guide

mcsavvy

Python annotations: Here’s why you should use them NOW

Roy Amoo

See The Difference? Our President is No Longer a Global Embarrassment.

IT Hands

How to Choose the Best Hosting Server

AboutHelpTermsPrivacy

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Andrew Zheng

Andrew Zheng

84 Followers

Full stack problem solver with a passion for simplicity. Personal site: http://zurassic.com

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech