Request to AWS reveals internal server IP address
Question
When HTTP 1.0 request is sent to a website hosted on AWS in the following manner;
curl -v example.com --http1.0 --header 'Accept:' --header 'Connection:' --header 'Host:'
Server responds with the following response message:
< HTTP/1.1 302 Found
< Cache-Control: private
< Content-Type: text/html; charset=utf-8
< Date: Thu, 03 May 2018 06:08:49 GMT
< Location: https://10.0.10.243/
< Server: Microsoft-IIS/8.5
< X-AspNet-Version: 4.0.30319
< X-AspNetMvc-Version: 5.2
< X-Powered-By: ASP.NET
< Content-Length: 137
< Connection: Close
<
<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://10.0.10.243/">here</a>.</h2>
</body></html>
* Closing connection 0
What should be done on AWS to prevent revealing internal IP address of the server when this type of request is received?
1 answers
solution1
2 2018-05-03 08:14:15
I think that it has to do less with AWS and more with the configuration of your IIS server.
https://scotthelme.co.uk/hardening-your-http-response-headers/#server
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Get Server IP Address in Current Request
500 internal server error checklist, curl request via internal ip (linux to windows IIS 7.0)
Access the website using my internal IP address
How to get ip address of the server?
Find Internal Hosting Server from Website IP
Why is my fully qualified domain name request url getting converted to an ip address request url by the Cassini web server?
How to change the IP Address of http request?
Can I retrieve an Internal IP address for a client using JS?
Choosing which private ip address to communicate with on a server
Getting the IP address of server in ASP.NET?
Related Tags