Forum Discussion

aandreyy_293459's avatar
aandreyy_293459
Icon for Nimbostratus rankNimbostratus
Apr 19, 2018

internal IP address of the remote server is disclosed

Hi maybe same one has idea why after sending request with HTTP/1.0 and an empty ‘Host’ header, in replay i can see internal VIP IP? after sending http1.1 request everything ok. Example bellow:

 

curl -I --http1.0 -H 'Host:' https://www.webpage.com

 

HTTP/1.1 301 Moved Permanently

 

Content-Length: 154

 

Content-Type: text/html; charset=UTF-8

 

Location: http://10.0.0.1

 

Date: Fri, 13 Apr 2018 10:38:43 GMT

 

Connection: close

 

i tested resolution for that using iRule that replace empty header with host name but i have other VIP that replaying correctly even after sending empty host header and couldn't find config differences between them.

 

If someone have any ideas let me know, don't think it can be problem in web server while IP in replay is VIP on LTM.

 

thanks

 

2 Replies

  • I was having a similar issue like the one described by aandreyy_293459. In my case we were doing external PCI scans and it was showing the internal IP of the pool servers. I ended up creating an iRule with the following to address this issue for us. After applying this iRule it now replaced the location information with the public name and not the internal IP addresses of the servers.   

    when HTTP_RESPONSE {
    if { ( [HTTP::header Location] contains "x.x.x.x" ) || ( [HTTP::header Location] contains "y.y.y.y" ) }{
    HTTP::header Location {https://www.mysite.org}
    }
    }

  • hi

     

    looks like found problem myself, there are iRule that changes 10.0.0.1:85 to url, but on VIP that it is not working i get in http reply https://10.0.0.1 (you can see above), not https://10.0.0.1:85 (as in working). So this is other issue (believe with stream profile or stream iRule)

     

    thanks