FileETag

Does anyone in the group have any experience achieving PCI Compliance with, e.g. SecurityMetrics.com? In my case, I could save client a ton of money by solving this.

The SecurityMetrics.com test is complaining about the Apache ETag. Can we somehow use .htaccess to change the ETag values?

Is there a best practice for this kind of thing?

cannot set directive

have tried various locations, from httpd.conf to various files in /var/aegir/config/ - seems that apache is just ignoring this line. Any other apache options and configs works. Writing to this group, because on the non-aegir server (different one) everything is fine. Servers are not 100% identical, but I cannot understand what is causing webserver to ignore this... YSlow reports, that it is not enabled on all files.

Apache 2.2.x prefork
Pressflow latest with
Aegir 0.4 alpha7
PHP 5.2.x latest from IUS, as mod_php