Nasser Heidari

2009-12-14

IIS reveal its internal IP in the Content-Location header via a request to the root file

Filed under: Security Tips and Issues — Nasser Heidari @ 06:29

It’s actually an easy fix. The appropriate Knowledge Base article is “FIX: IP address is revealed in the content-location field in the TCP header in IIS 6.0

1. Click Start, click Run, type cmd, and then click OK to open a command prompt.
2. Change to the folder where the Adsutil.vbs tool is located. By default, this folder is the following:
%SYSTEMROOT%\Inetpub\AdminScripts
3. Type the following command, where x is your site identifier and hostname is the alternate host name that you want to use:
cscript adsutil.vbs set w3svc/x/SetHostName hostname

E.g:
cscript adsutil.vbs set w3svc/70762098/SetHostName linax.wordpress.com


How to find the your site identifier ???
In IIS 5 or 6, view the properties of the website and in the Web Site tab, click on the Properties button for the logging. At the bottom of the Extended Logging Properties window is the Log file name. It will be something like this: W3SVCXXXXX\exyymmdd.log.
XXXXX is your site identifier .

Advertisements

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: