We have an issue using our IIS server. If you send a request to IIS using HTTP/1.0 and do not provide a HOST in the headers of the request the server responds with the internal IP of the server.
We have to block this. We've found the only way to block it is to either use ASP pages that spew out the .htm page.
This only happens when requesting .htm or .html pages.
What I'm really looking for is a way to either stop it from returning the internal IP, or to return 1.1 responses to a 1.0 request.
And yes, I do know there is a way to disable it one way through the metabase. But the issue is the server variables always return that hard coded value. So we never know if they are on the IP, domain, or sub domain, or anything.
Our software requires that knowledge to function because it does redirects and acts differently if you are on a temporary domain, as opposed to a fully functional one.
Anyone have some ideas?