Tuesday, November 25, 2014

How to prevent MS IIS Content Location Internal IP Address Leak

With reference to http://support.microsoft.com/kb/834141, this post shows how to stop MS IIS 6.0 from revealing the server's IP address in the Content-Location field of the HTTP response header.

Confirmation that you are affected
- telnet to the web service
- perform "GET / HTTP/1.0"
- press Enter twice.

If you see "Content-Location: http://<internal IP address>/Default.htm", you are affected.


To rectify this issue,
- right-click the website and click the Properties button for logging.
- take note of the Site ID inside the log file name in the "Extended Logging Properties" window, e.g. W3SVC39\exyymmdd.log means your Site ID is 39.
- set the web server to use the host name instead of the host IP. Open a command prompt, navigate to C:\Inetpub\AdminScripts\ and run the command "cscript adsutil.vbs set w3svc/<Site ID>/UseHostName true"
- run command "we".

You can then verify by using the telnet test again. Good luck!
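
The telnet check can also be scripted. The following is an added example, not part of the original post: `leaked_ip` and `probe` are hypothetical names, and the two sample responses are constructed for illustration.

```python
import ipaddress
import socket
import sys
from urllib.parse import urlsplit

# Constructed sample responses (not captured from a real server).
SAMPLE_AFFECTED = (b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\n"
                   b"Content-Location: http://10.0.0.5/Default.htm\r\n"
                   b"Content-Type: text/html\r\n\r\n<html></html>")
SAMPLE_FIXED = SAMPLE_AFFECTED.replace(b"10.0.0.5", b"www.example.com")


def leaked_ip(raw_response):
    """Return the IP literal found in Content-Location, or None if there is none."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "content-location":
            continue
        try:
            host = urlsplit(value.strip()).hostname
            return str(ipaddress.ip_address(host)) if host else None
        except ValueError:
            return None  # host name rather than an IP literal
    return None


def probe(server, port=80, timeout=5.0):
    """Send the telnet test's request: HTTP/1.0 with no Host header."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(b"GET / HTTP/1.0\r\n\r\n")
        data = b""
        while b"\r\n\r\n" not in data:  # headers are all we need
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return data


if __name__ == "__main__":
    response = probe(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_AFFECTED
    ip = leaked_ip(response)
    print("affected, leaks " + ip if ip else "no IP address in Content-Location")
```

Run it with the web server's name as the only argument, before and after applying the fix; with no argument it checks the constructed sample.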
