1.3.1

1.3.1 :: Implement a DMZ to limit inbound and outbound traffic to only protocols that are necessary for the cardholder data environment.

Basically, this means you should use a DMZ to host an apache server using mod_proxy to talk with the backend applications. No application should have a direct socket to any server on the internet.