Trustwave just ran a scan and failed my site. The issue is:
Web Application Transmits Login Medium Credentials Without Encryption
Hostgator's PCI folks found the issue to be these URLs:
http://www.mysite.com:80/admisapi/
http://www.mysite.com:80/isapi/
http://www.mysite.com:80/cgi-isapi/
and they pointed to this line in CS Cart's default .htaccess file:
RewriteRule api/(.*)$ api.php?_d=$1&ajax_custom=1 [L,QSA]
That line in htaccess creates the URL – http://www.mysite/ap...&ajax_custom=1. This is what needs to be secured with https. Their recommendation is to add this line to my htaccess:
root@nov [/home/mysite/public_html]# ll api.php
-rw-r--r-- 1 omnivos omnivos 1235 Oct 21 00:23 api.php
What I am trying to find out is if this might cause a problem in other areas of the cart.
Thanks.
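Why the three flagged paths reach api.php through the quoted rule, shown as an added example that is not part of the original post or of CS-Cart's code: the pattern has no leading ^, so it matches any path that merely ends in "api/". Assumptions: the .htaccess sits in the document root, Python's re stands in for Apache's PCRE, and the anchored pattern and the /api/products/12 URL are constructed for comparison.

```python
import re
from urllib.parse import urlsplit

# Pattern and substitution copied from the RewriteRule quoted in the post.
PAGE_PATTERN = r"api/(.*)$"
# Assumption: an anchored variant for comparison; it is not from the post.
ANCHORED_PATTERN = r"^api/(.*)$"
SUBSTITUTION = "api.php?_d=$1&ajax_custom=1"


def rewrite(url, pattern, substitution=SUBSTITUTION):
    """Model a per-directory RewriteRule with [L,QSA] in a docroot .htaccess.

    Returns the rewritten target, or None when the rule does not match.
    """
    parts = urlsplit(url)
    # In .htaccess context mod_rewrite matches the path without its leading slash.
    path = parts.path.lstrip("/")
    # RewriteRule patterns are unanchored regex searches unless ^ is used.
    match = re.search(pattern, path)
    if match is None:
        return None
    target = substitution.replace("$1", match.group(1))
    # QSA appends the original query string to the one in the substitution.
    if parts.query:
        target += "&" + parts.query
    return target


# Constructed sample: the three flagged URLs plus one intended API-style call.
SAMPLE_URLS = [
    "http://www.mysite.com:80/admisapi/",
    "http://www.mysite.com:80/isapi/",
    "http://www.mysite.com:80/cgi-isapi/",
    "http://www.mysite.com:80/api/products/12?items_per_page=5",
]


def compare(urls=SAMPLE_URLS):
    """Map each URL to (target with the rule as written, target when anchored)."""
    return {u: (rewrite(u, PAGE_PATTERN), rewrite(u, ANCHORED_PATTERN)) for u in urls}


if __name__ == "__main__":
    for url, (loose, anchored) in compare().items():
        print(f"{url}\n  as written: {loose}\n  anchored:   {anchored}")
```

With the rule as written, all three scanner paths resolve to api.php with an empty _d parameter, which is why the finding traces back to that one line.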