How prevented the internal IP address information divulges
By yueer2006
@yueer2006 (626)
Hong Kong
November 3, 2006 6:16am CST
When visits IIS in the website the static HTML document, for instanceindex.htm, in the IIS response can contain a Content-Location articlearticle. If IIS disposes is improper, in the Content-Location articlearticle will contain the server the IP address content, like thiscaused to hide behind the NAT firewall or proxy server internal net IPaddress information divulging, had to the aggressor leaks may ride.
1 response
@guaiguaimao (221)
• China
7 Nov 06
HTTP/1.1 200OK Server:Microsoft-IIS/5.0Content-Location:http://192.168.1.1/index.htm Date:Wed,31Oct200104:19:40GMT Content-Type:text/html Accept-Ranges:bytesLast-Modified:Fri, above 12Oct200107:48:06GMT ETag:03f7e3af252c11:9a2Content-Length:7141 responded the information the 3rd line of contentto contain the internal network IP address information, this was wedoes not hope. We hoped IIS responds following content: HTTP/1.1 200OKServer:Microsoft-IIS/5.0Content-Location:http://www.mywebsite.com/index.htm Date:Wed,31Oct200104:19:40GMT Content-Type:text/html Accept-Ranges:bytesLast-Modified:Fri, 12Oct200107:48:06GMT ETag:03f7e3af252c11:9a2Content-Length:7141 in other words, 3rd line of content in IP addressinformation replace for domain name information. Under has a looksolution. Solution one: Carries out script procedure Adsutil.vbsthrough to revise in the IIS database a value, may achieve addressinformation transforms Content-Location the article article of centerIP into the domain name information goal. The first method is throughcarries out a VBS script procedure to complete the IIS database thecorrelation revision work, this script procedure is calledAdsutil.vbs, after it produces the IIS installment. Attention: Isdifferent as a result of the actual application environment, MicrosoftCorporation has not guaranteed this
