1

I've already located this question on server fault:

Server Fault Question

But there is no answer. Does anyone have any advice on how to fix the issue? We're running 2003 Server R2 Ent, latest service pack is applied, IIS 6.0

Here's what the compliance company is saying:

Synopsis : This web server leaks a private IP address through its HTTP headers. Description : This may expose internal IP addresses that are usually hidden or masked behind a Network Address Translation (NAT) Firewall or proxy server. There is a known issue with Microsoft IIS 4.0 doing this in its default configuration. This may also affect other web servers, web applications, web proxies, load balancers and through a variety of misconfigurations related to redirection. See also : http://support.microsoft.com/support/kb/ articles/Q218/1/80.ASP

Any ideas?

Thanks

Community
  • 1
I.T. Support
  • 601
  • 2
  • 11
  • 27
  • I'm surprised they care; I'll bet your using a standard Private IP space like 99% of everyone else. – Chris S Aug 30 '10 at 20:25

1 Answers1

2

Umm... have you read the KB and it's companion article for IIS6?

http://support.microsoft.com/kb/834141/

joeqwerty
  • 109,901
  • 6
  • 81
  • 172
  • Yes, I followed intructions, server is on the latest service pack. I don't know how to get a hold of the "Hotfix" they speak about after the service pack. Does anyone have a link to this? – I.T. Support Aug 30 '10 at 20:24
  • Ok, so the hotfix should have been included in the latest service pack. So the next section requires you make a reg edit to add the hostname you want to use. What host name would I need to put in there? Is this just a reference to the public IP address? – I.T. Support Aug 30 '10 at 20:28
  • You would use either the UseHostName if you want the server to always send it'd FQDN, such as internalname.internaldomain.local or use the SetHostName if you want the server to send a specific name, such as websitename.domain.com. – joeqwerty Aug 30 '10 at 21:00
  • What if I need different host names for different IIS sites? Would I add a custome header through IIS config? – I.T. Support Aug 30 '10 at 21:17
  • I can't help you with that one. You'll need to do some research on it, sorry. – joeqwerty Aug 30 '10 at 23:37
  • Can I set the host name to an public IP address? – I.T. Support Aug 31 '10 at 16:51
  • We followed instructions, added host names to each site using "Set Host" rescanned and passed compliance – I.T. Support Sep 29 '10 at 18:06
  • Glad to hear it. – joeqwerty Sep 29 '10 at 18:14