Published in zurassic

Nginx and PCI Compliance

Based on my experience with Nginx and PCI compliance scans, there are a few things you need to set up to make sure it passes:

1. Disable TLSv1 (this is not valid if you’re using the latest Nginx version, 1.19.3)

Follow my guide here if you need to do that: https://medium.com/zurassic/how-to-completely-disable-tls-v1-from-nginx-99f6e2862cb8

2. Disable Server Token

This hides your Nginx version on the 404 page and in curl results. Note that it will still reveal that you’re using Nginx.
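
An added example, not from the original post: a small Python check that scans an nginx configuration for the two settings above (an `ssl_protocols` line that still lists TLSv1, and `server_tokens` not set to `off`) and tests whether a `Server` header exposes the version. The sample config and function names are constructed for illustration, and the parser assumes simple one-line directives with no `include` files.

```python
import re

# Constructed sample config for this example (not from the original post).
SAMPLE_CONF = """\
http {
    # server_tokens off;   (commented out, so the default "on" applies)
    server {
        listen 443 ssl;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    }
}
"""

def directives(conf):
    """Yield (line_no, name, args) for one-line directives, skipping comments."""
    for no, line in enumerate(conf.splitlines(), 1):
        code = line.split("#", 1)[0].strip()
        m = re.match(r"([a-z_]+)\s+([^;{]*);$", code)
        if m:
            yield no, m.group(1), m.group(2).split()

def audit(conf):
    """Return a list of findings for the two settings the post covers."""
    findings, tokens_off, saw_protocols = [], False, False
    for no, name, args in directives(conf):
        if name == "ssl_protocols":
            saw_protocols = True
            if "TLSv1" in args:  # exact token, so TLSv1.2 alone does not match
                findings.append(f"line {no}: ssl_protocols still enables TLSv1")
        elif name == "server_tokens":
            if args == ["off"]:
                tokens_off = True
            else:
                findings.append(f"line {no}: server_tokens is {' '.join(args)}")
    if not saw_protocols:
        findings.append("no ssl_protocols directive: nginx's built-in default applies")
    if not tokens_off:
        findings.append("server_tokens is not off: version shown in headers and error pages")
    return findings

def header_leaks_version(server_header):
    """True for 'nginx/1.19.3', False for the bare 'nginx' sent with server_tokens off."""
    return re.fullmatch(r"nginx/\d[\w.]*", server_header.strip()) is not None

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```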
