Nginx and PCI Compliance
Based my experience with Nginx and PCI compliance scan, there are few things you need to setup to make sure it passes the PCI compliance:
- Disable TLSv1 (this is not valid is you’re using latest Nginx version 1.19.3)
Follow my guide here if you need to do that: https://medium.com/zurassic/how-to-completely-disable-tls-v1-from-nginx-99f6e2862cb8
2. Disable Server Token
# add the following line in http section
This will hide your Nginx version in 404 page or curl result. Note it’ll still tell you’re using Nginx.