?
Solved

Web server leaks a private IP address through its HTTP headers - IIS issue

Posted on 2010-08-26
4
Medium Priority
?
509 Views
Last Modified: 2012-05-10
This is my first time using the "Ask a Related Question" function, so just to be thorough, this is the question I'm following up on: http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_24906199.html?sfQueryTermInfo=1+10+30+address+header+http+ip+it+leak+privat+server+through+web

I'm having the exact same problem as described in this post:  PCI compliance scan returned a fail with the error:  "This web server leaks a private IP address through its HTTP headers."  

My first challenge is that I have 3 servers at this IP, and the company doing the scan can't tell me which server is the problem.  However, since this is an IIS problem, and only 2 servers use IIS, that narrows it down.  Also, since the error is identified as being with port 80, and default website on one server is on port 80, and on the other server, the default website is a different port, I'm going to assume it's the server with the default website on port 80.

I'm hoping JerrytheGreat's solution

C:\Inetpub\AdminScripts> cscript.exe adsutil.vbs set w3svc/1/SetHostName mail.mydomain.com

will take care of the problem, but what I'm not clear on is how he determined that the site identifier was 1.  In a related post, it gave the same command, and specified that where JerrytheGreat has a 1 is where you put the site identifier.  But how do I know what the site identifier is?  (I didn't set up IIS - I know very little about it.)

My deadline for this is Tuesday Aug 31st, so it's definitely urgent.

Thanks for your help.
0
Comment
Question by:krlaw6
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 3

Expert Comment

by:init2winit_Dan
ID: 33534282
It may also be a Firewall setting (NAT)
0
 
LVL 5

Expert Comment

by:ncomper
ID: 33534370
Hi

I did manage to resolve all the errors that the PCI scan highlighted, let me go back through my notes for that job and ill post them here if someone doesn't come back beforehand,

I will have to do it tomorrow now though as i have left the office.

Regards

Nick
0
 
LVL 8

Accepted Solution

by:
jimmyray7 earned 2000 total points
ID: 33534441
0
 

Author Closing Comment

by:krlaw6
ID: 33536354
Thanks, jimmyray7/  I appreciate it.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
New style of hardware planning for Microsoft Exchange server.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question