Start Free TrialLog in
Avatar of R_ReVo
R_ReVo

asked on 

IP address is revealed in the content-location field in the TCP header in IIS 6.0

We have recently undergone a network vulnerability scan and we were told that an IP address is revealed in the content-location field in the TCP header in IIS 6.0 on one of our MS 2003 (Standard - SP1) Servers.  Unfortunitely it is the server that is running Exchange 2003 (SP2) with OWA.  I tried changing the SetHostName and the UseHostName properties as described in Microsofts KB Article 834141, but when I change either of these two properties I am unable to access my OWA (page can not be displayed).  Does anyone have a fix/workaround as to not allow an IP address to be revealed in the content-location field in the TCP header and allow OWA to function properly?


denlight2
06.24.2008 at 06:04PM CDT, ID: 21861382
Well it turns out I can answer my own question. I was able to pass a PCI scan and fix the HTTP Header vulnerability by leaving UseHostName = false and setting SetHoseName = network.(domain).com. Where that subdomain is the domain used to access RWW.

I'm sticking with my solution of disabling form authentication to resolve the URL injection issue.
ExchangeMicrosoft IIS Web ServerEmail Software
Avatar of undefined
Last Comment
R_ReVo
ASKER CERTIFIED SOLUTION
Avatar of dbfarrow
dbfarrow
Flag of United States of America image
Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of R_ReVo
R_ReVo

ASKER

Good old M$...

(I was unable to connect to OWA externally, when I changed the SetHostName or UseHostName properties.)

But... I just set SetHostName to the same as the external domain name and our OWA appears to be functioning properly externally.  (THANKS!)  I am going to schedule another network vulnerability scan tonight and say my prayers....   Thanks again.
Exchange
Exchange

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.

213K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
Ask the experts

  • "Invaluable tool for our organization"

    Josh Regalski

  • "Your help has saved me hundreds of hours of internet surfing."

    @fblack61

  • "Just a dang good service!"

    @golferski

  • "Worth every penny."

    Steve Hougom

  • "It’s been a life saver."

    Maria Halt

  • "Best support site I’ve seen!"

    Bob Schneider

  • "I would be lost without them."

    @fblack61

  • "Saved my job multiple times."

    Walt Forbes

  • "I love this site."

    Maria Duwe

  • "Friendly respectful help."

    Andrew Kowtalo

  • "Such top-notch experts."

    @magento

  • "The best money I have ever spent."

    @rwheeler23

  • "Beyond any comprehensible value"

    George Morris

  • "Invaluable tool for our organization"

    Josh Regalski

Read over 600 more reviews

TRUSTED BY

IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo
© 1996-2023 Experts Exchange, LLC. All rights reserved. Covered by US Patent