
jgdlarsen_16724
Oct 27, 2014

The internal IP address of an IIS 7.0 server is revealed.

Hello all,

 

A WebInspect Scan finding sees that we are revealing an internal I.P. address.

 

  • The server discloses its internal IP: 10.x.x.x

An IIS hotfix will not work for this issue. Does anyone know of an iRule that can rectify this issue?

 

Thanks in advance.

 

7 Replies

  • Can you give any further details on your configuration?

     

    Are you using cookie persistence in the above situation?

     

    • jgdlarsen_16724
      No, Default Persistence Profile is set to none. Have two VIPs, one for 80 and one for 443. 80 of course is redirecting to the 443 VIP. Custom-http, auto map, one connect. After further research, no Microsoft hotfix was identified. The app server is revealing the internal IP; would like to know if an iRule can mask it.
  • Hi, you can use a stream profile or an HTML profile to rewrite the offending address. Which software version are you using?

     

  • Assuming the address is being disclosed in the headers, have you looked at the headers for the request? Live Headers or a similar tool will let you see where the address is present.

     

    Your scanner (WebInspect?) should also hopefully list the URL that was used to perform the test.