IIS 7 Leaking Internal IP (PCI Audit)

While going through a PCI-DSS audit for the credit cards, I ran into several Windows 2008 servers running IIS 7 that were failling on an old IIS 4 problem…they were sending out the internal IP address in the HTTP Headers.

After much digging around trying to figure out the issue, I was directed to a poston the IIS Troubleshooting blog. One of the items on there clued me in. There is a known issue with using the rediect. I originally had the redirect in IIS configured to point to a folder on the system…when I replaced that with the full URL path, it fixed the issue. Hopefully this will save someone else the grief with trying to find this issue themselves.

Explore posts in the same categories: Server 2008, Tech, WebSites

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: