• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 660
  • Last Modified:

IIS 6.0 retuning private IP in HTTP reponse header

Recently got audited and a scan found that one of my IIS 6.0 servers was returning it's private IP in the HTTP response body.  How can I block this IP from being displayed?

attached is the actual snippet from the audit.


Request
GET https://csr.pscufs.com/FIEnrollment HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; MS-RTC LM 8) Paros/3.2.13
Host: csr.pscufs.com
Connection: Keep-Alive
Accept-Language: en-us
 
Response
HTTP/1.1 301 Moved Permanently
Date: Wed, 15 Oct 2008 13:52:02 GMT
Content-Length: 156
Content-Type: text/html
Location: https://csr.pscufs.com/FIEnrollment/
X-Powered-By: ASP.NET
Keep-Alive: timeout=1201, max=100
Connection: Keep-Alive
 
<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://172.x.x.x/FIEnrollment/">here</a></body>

Open in new window

0
tpagolfnut
Asked:
tpagolfnut
  • 2
1 Solution
 
harperseCommented:
I believe that if you place a host header into your configuration, it will reply with the host header rather than the IP address.  Purely a guess.

Best of luck,
harperse
0
 
tpagolfnutAuthor Commented:
Thanks, i will give it a try and let you know the outcome.
0
 
tpagolfnutAuthor Commented:
Worked with Microsoft support on this.  They told me the easiest way to do this was remove the reference to the default pages in the website properties.  I removed them then disabled the use of default pages.  Thanks for your assistance.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now