|
Home > Archive > IIS Server Security > July 2006 > IIS 6.0 leaks internal IP address in Content-Location header
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
IIS 6.0 leaks internal IP address in Content-Location header
|
|
| Andrew Head 2006-07-28, 7:19 pm |
| Hello,
I have an IP leak problem running IIS 6.0 on W2K3 SP1. I have followed
recomendations in KB218180 and KB834141 and configured SetHostName so that
my websites do
not return internal IP addresses. I have also configured host headers for
my websites.
But, my server still returns a private IP in the response to the following
request:
HEAD / HTTP/1.0
I can't find any other solutions beyond the above. Does anyone have any
suggestions?
| |
| Daniel Crichton 2006-07-31, 1:23 pm |
|
"Andrew Head" <AndrewHead@discussions.microsoft.com> wrote in message
news:B05A112E-88E6-4A36-9237-8591136686CB@microsoft.com...
> Hello,
>
> I have an IP leak problem running IIS 6.0 on W2K3 SP1. I have followed
> recomendations in KB218180 and KB834141 and configured SetHostName so that
> my websites do
>
>
> not return internal IP addresses. I have also configured host headers for
> my websites.
>
> But, my server still returns a private IP in the response to the following
> request:
> HEAD / HTTP/1.0
>
> I can't find any other solutions beyond the above. Does anyone have any
> suggestions?
>
KB218180 is for IIS4 and IIS5.
KB834141 is for IIS6, but also requires the hotfix. However, that hotfix is
pre-SP1 - SP1 includes newer versions of both of those files.
I remember going through both of those articles, and some others. If I
remember, I'll post details. As of right now, there is no Content-Location:
header returned by my sites - and I don't have a custom ISAPI dll installed.
Dan
|
|
|
|
|