pci scan issues

crpngdth
DD-WRT Novice


Joined: 10 Sep 2019
Posts: 13

Posted: Wed Jan 19, 2022 22:59    Post subject: pci scan issues
build 47822

With the web GUI on via WAN, I'm getting a couple of failing vulnerabilities reported on the PCI compliance report:
    Reflected Cross-Site Scripting (XSS) in HTTP Header
    Same Site Scripting


Is this something I can configure around while leaving the web GUI in place?
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

Posted: Thu Jan 20, 2022 2:10
This is why everyone is urged to NOT open the GUI to the WAN! The httpd server running on the router is NOT hardened like a full-blown, production server. It's a minimalist server meant to provide the most basic functionality to small embedded devices like the router. Anyone needing access to the GUI from the internet should use a VPN (OpenVPN, Wireguard, etc.).
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14246
Location: Texas, USA

Posted: Thu Jan 20, 2022 2:41
You should still be able to access it via SSH tunnel remotely, but VPN is probably better. Both options are much more secure than using HTTPS remote management.

https://forum.dd-wrt.com/wiki/index.php/Web_interface
https://forum.dd-wrt.com/wiki/index.php/Telnet/SSH_and_the_command_line
