When an HTTP 1.0 request is sent to a website hosted on AWS in the following manner:
curl -v example.com --http1.0 --header 'Accept:' --header 'Connection:' --header 'Host:'
The server responds with the following response message:
< HTTP/1.1 302 Found
< Cache-Control: private
< Content-Type: text/html; charset=utf-8
< Date: Thu, 03 May 2018 06:08:49 GMT
< Location: https://10.0.10.243/
< Server: Microsoft-IIS/8.5
< X-AspNet-Version: 4.0.30319
< X-AspNetMvc-Version: 5.2
< X-Powered-By: ASP.NET
< Content-Length: 137
< Connection: Close
<
<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://10.0.10.243/">here</a>.</h2>
</body></html>
* Closing connection 0
What should be done on AWS to prevent revealing the internal IP address of the server when this type of request is received?
I think that it has to do less with AWS and more with the configuration of your IIS server.
https://scotthelme.co.uk/hardening-your-http-response-headers/#server
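To confirm the disclosure shown in the question, and to re-check after the server is reconfigured, the response headers can be scanned for internal addresses. This is an added example, not part of the original question or answer; the function names and the list of URL-bearing headers are assumptions, and the sample is a trimmed copy of the response above.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: trimmed copy of the response headers from the question.
SAMPLE_RESPONSE = """\
HTTP/1.1 302 Found
Location: https://10.0.10.243/
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
"""

# Headers whose value is a server-generated URL (assumed list for this example).
URL_HEADERS = {"location", "content-location"}
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def is_internal(host):
    """True if host is an IP literal in a private, loopback or link-local range."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name or an invalid literal, not an IP address
    return ip.is_private or ip.is_loopback or ip.is_link_local


def find_internal_addresses(raw_response):
    """Return (header, address) pairs for internal IPs exposed in response headers."""
    findings = []
    for line in raw_response.splitlines()[1:]:  # skip the status line
        line = line.lstrip("< ").strip()  # tolerate curl -v "< " prefixes
        if not line:
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        value = value.strip()
        candidates = set(IPV4_RE.findall(value))  # dotted quads anywhere in the value
        if name.lower() in URL_HEADERS:
            try:
                host = urlsplit(value).hostname  # also catches IPv6 literals
            except ValueError:
                host = None  # malformed URL
            if host:
                candidates.add(host)
        findings += [(name, c) for c in sorted(candidates) if is_internal(c)]
    return findings


if __name__ == "__main__":
    print(find_internal_addresses(SAMPLE_RESPONSE))
```

Feeding it the output of the curl command from the question, both before and after a configuration change, shows whether the redirect still carries the private address.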