With reference to http://support.microsoft.com/kb/834141, we would want to fix the issue of IP address being revealed in the content-location field in the TCP header on MS IIS 6.0.
Confirmation that you are affected
- telnet to the web service
- perform "GET / HTTP/1.0"
- press
If you see "Content-Location: http://
To rectify this issue,
- right click on the Website, click on Properties button for logging.
- take note of the Site ID inside Log file name in this "Extended Logging Properties" window. i.e. W3SVC39\exyymmdd.log means your Site ID is 39
- Set the web server to use Host name instead of Host IP. Fire up the command prompt and navigate to C:\Inetpub\AdminScripts\, run the command "csript adsutil.vbs set w3svc/
- run command "we".
You can then verify by using the telnet test again. Good luck!
Tuesday, November 25, 2014
How to prevent MS IIS Content Location Internal IP Address Leak
Labels:
MS_IIS
Subscribe to:
Post Comments (Atom)
1 comment:
Post a Comment