Caveman's Blog


Prevent Internal IP address disclosure



One of the vulnerabilities we had to fix on a recent project was the disclosure of the server's internal IP address whenever IIS redirected a web request to another page (for example, from a directory URL to its default document). Here is how it was fixed.

Based on the Microsoft support article “FIX: IP address is revealed in the content-location field in the TCP header in IIS 6.0” [1], follow these steps to set the SetHostName property in IIS so that the administrator-defined host name, rather than the internal IP address, is what appears in the response header.

  1. Click Start, click Run, type cmd, and then click OK to open a command prompt.
  2. Change to the folder where the Adsutil.vbs tool is located. By default, this is:
    • %SYSTEMROOT%\Inetpub\AdminScripts
  3. Type the following command, where x is your site identifier and hostname is the alternate host name that you want to use:
    • cscript adsutil.vbs set w3svc/x/SetHostName hostname
    • x can be looked up in the IIS MMC snap-in; see [2] for how to find the site identifier.

If this does not fix the problem, try installing the latest service pack for Windows Server 2003 and then restart the server.

References:

  1. Microsoft Support: “FIX: IP address is revealed in the content-location field in the TCP header in IIS 6.0”.
  2. Chris Crowe’s Blog: “IIS Web Site Identifiers”.

Written by cavemansblog

November 4, 2009 at 3:39 pm

Posted in IIS

