1.3.1

1.3.1  ::  Implement a DMZ to limit inbound and outbound traffic to only protocols that are necessary for the cardholder data environment.

Basically, this means you should use a DMZ to host an apache server using mod_proxy to talk with the backend applications.  No application should have a direct socket to any server on the internet.