• Hi there,

    I’m trying to get my website PCI compliant. I seem to keep failing because of a reverse proxy detection and I don’t really know what to do. The website is on shared hosting through GoDaddy, and because of this there’s access to the WordPress server through reverse caching/reverse proxy. This can’t be changed by GoDaddy because of the shared hosting. My website is https://www.stubbs.coffee. Any suggestions would be great. Thanks

Viewing 1 replies (of 1 total)
  • Tim Nash

    (@tnash)

    Spam hunter

    You are never going to be able to become PCI compliant on a shared host, as you are sharing resources and OS processes with unknown entities, i.e. other users of the host.

    It’s interesting that the scanner (I assume you are using an automated scanner) has picked up a proxy; it’s most likely due to the way GoDaddy routes traffic to their shared hosts. Again, nothing you can do about it.

    I’m afraid the answer is to move to a VPS/dedicated hardware and make sure your host is set up to provide PCI-compliant services; very few are.

    However, you may be able to reduce the scope of PCI compliance away from your site by using a payment provider who offers either a remotely hosted payment form or uses iFrames, like Stripe or Braintree.

    Either way, you are probably best getting advice, as getting PCI-DSS compliant is not particularly easy or straightforward, so where possible it’s best to avoid your site being within scope in the first place.

  • The topic ‘PCI compliance reverse proxy issue’ is closed to new replies.