

IP Disclosure Solution On IIS 6

Sometimes the internal IP address of an IIS server is revealed if an HTTP request that does not have a Host header, or has a NULL Host header, is sent to the server (see https://support.microsoft.com/kb/967342).

We can hide this information or replace it with alternate text.

Step 1: Obtain the latest service pack for Microsoft Windows Server 2003.

889100 How to obtain the latest service pack for Windows Server 2003

 

Step 2: Hot Fix 935469.

It is also very important that you install the following additional update: "FIX: The IP address or the host header of the server that is running IIS may be returned unexpectedly when you use the Request.ServerVariables collection in IIS6"

https://support.microsoft.com/default.aspx?scid=kb;EN-US;935469.

 

Step 3: Use either the UseHostName or the SetHostName property on the site if you want an alternate host name to be sent for requests.

The Content-Location and the Location headers are sent by an HTTP server as part of its response to an HTTP request, and contain location information for the resource that the client requested.

To decide which option you want, you can read the header definitions at www.w3.org.

For Content-Location, see https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.14,

and for Location, see https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.30

To set the UseHostName property, follow these steps:

  • From CMD, change to the folder where the Adsutil.vbs tool is located: %SYSTEMROOT%\Inetpub\AdminScripts
  • Type the following command, where SiteID is the site identifier:

              cscript adsutil.vbs set w3svc/SiteID/UseHostName true

Set the SetHostName property

To set the SetHostName property, follow these steps:

  • From CMD, change to the folder where the Adsutil.vbs tool is located: %SYSTEMROOT%\Inetpub\AdminScripts
  • Type the following command, where SiteID is the site identifier and hostname is the alternate host name that you want to use:

           cscript adsutil.vbs set w3svc/SiteID/SetHostName hostname

 

References:

https://support.microsoft.com/default.aspx?scid=kb;EN-US;935469

https://support.microsoft.com/kb/834141/

https://blogs.msdn.com/b/webtopics/archive/2008/11/18/removing-an-iis-server-s-ip-address-from-http-responses.aspx