Recently got audited and a scan found that one of my IIS 6.0 servers was returning its private IP in the HTTP response body. How can I block this IP from being displayed?
Attached is the actual snippet from the audit.
GET https://csr.pscufs.com/FIEnrollment HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; MS-RTC LM 8) Paros/3.2.13
HTTP/1.1 301 Moved Permanently
Date: Wed, 15 Oct 2008 13:52:02 GMT
Keep-Alive: timeout=1201, max=100
<body><h1>Object Moved</h1>This document may be found <a HREF="http://172.x.x.x/FIEnrollment/">here</a></body>
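
A way to re-check for the finding above after any configuration change, as an added example that is not part of the original post: it parses a captured raw HTTP response and reports RFC 1918 addresses in the headers and the body. The function names and the sample response (including its `Location` header and the address 172.16.0.10) are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private IPv4 ranges; 172.16.0.0/12 covers 172.16.x.x to 172.31.x.x only.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Dotted quad that is not part of a longer dotted/numeric token (e.g. a version string).
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def private_ips_in(text):
    """Return every RFC 1918 address literal found in text, in order."""
    hits = []
    for match in IPV4_RE.finditer(text):
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:  # octet > 255 or leading zeros: not an address
            continue
        if any(addr in net for net in PRIVATE_NETS):
            hits.append(str(addr))
    return hits


def find_private_ips(raw_response):
    """Return (where, ip) pairs for a raw HTTP response (status line, headers, body)."""
    head, _, body = raw_response.replace("\r\n", "\n").partition("\n\n")
    findings = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        findings += [("header:" + name.strip(), ip) for ip in private_ips_in(value)]
    findings += [("body", ip) for ip in private_ips_in(body)]
    return findings


# Constructed sample modelled on the audit snippet; the address is made up.
SAMPLE = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Date: Wed, 15 Oct 2008 13:52:02 GMT\r\n"
    "Location: http://172.16.0.10/FIEnrollment/\r\n"
    "Keep-Alive: timeout=1201, max=100\r\n"
    "\r\n"
    '<body><h1>Object Moved</h1>This document may be found '
    '<a HREF="http://172.16.0.10/FIEnrollment/">here</a></body>'
)

if __name__ == "__main__":
    for where, ip in find_private_ips(SAMPLE):
        print(where, ip)
```
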