Bugtraq mailing list archives

IIS respond private address

From: n-miwa () LAC CO JP (Nobuo Miwa)
Date: Sat, 17 Jul 1999 01:03:16 -0400


Folks who have IIS bihind Firewall,

My IIS 4.0 respond its real IP Address unashamedly even if
they are behind Firewall and it has private address.

It's easy to test for everyone.

   $ telnet www.some.where 80
   Trying ***.***.**.3...
   Connected to www.some.where.
   Escape character is '^]'.
   GET / HTTP/1.0

   HTTP/1.1 200 OK
   Server: Microsoft-IIS/4.0
   Content-Location: http://192.168.10.15/index.html
   ...

I've tested this on Japanese IIS 4.0 SP5 but I've not tested
many cases yet. Please comment.

I searched some informations for controlling Content-Location
header. But I couldn't find its solution.
I just want to hide my private address from all over the world...

<Nobuo Miwa> n-miwa () lac co jp            ( @ @ )      http://www.lac.co.jp
------------------------------------o00o--(. .)--o00o----------------------
LAC CO.,LTD.   TEL: +1-617-367-6726   FAX: +1-617-367-6726

Current thread:

IIS respond private address Nobuo Miwa (Jul 16)
- <Possible follow-ups>
- Re: IIS respond private address Nobuo Miwa (Jul 20)