standard cPanel service URLs on http:// do not redirect to https:// when compared to without nginx - PCI compliance issue #1487

Open
pgrandmaison opened this issue Jun 13, 2024 · 1 comment

Comments

@pgrandmaison

Hi,
I just noticed that on servers that do not have Engintron, going to http://webmail.domain.tld on cPanel auto-redirects to https://webmail.domain.tld when the appropriate settings are configured in WHM--> Tweak Settings:

Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs. Formerly known as “Always redirect to SSL/TLS” [ENABLED]

Require SSL for cPanel Services --> ON

On this cPanel without Engintron, going to http://webmail.domain.tld, it automatically redirects to https://webmail.domain.tld which has a valid SSL installed.

On the same cPanel with Engintron installed, going to http://webmail.domain.tld does not redirect to https://.

I believe this is a bug, and it will affect PCI compliance on future PCI compliance scans.

@pgrandmaison
Author

I actually just came across this documentation post:
https://engintron.com/docs/#/pages/Redirect-webmail.domain.tld-from-HTTP-to-HTTPS

Looks like this is exactly what I need. I'm wondering why we don't include this by default?
