Return-Path: owner-bugtraq@SECURITYFOCUS.COM X-Mailer: Winbiff [Version 2.30 beta9 (on Trial)] Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Message-ID: <199907170103.JJG55568.JBO-NX@lac.co.jp> Date: Sat, 17 Jul 1999 01:03:16 -0400 Reply-To: Nobuo Miwa Sender: Bugtraq List From: Nobuo Miwa Subject: IIS respond private address X-To: BUGTRAQ@SECURITYFOCUS.COM To: BUGTRAQ@SECURITYFOCUS.COM Folks who have IIS bihind Firewall, My IIS 4.0 respond its real IP Address unashamedly even if they are behind Firewall and it has private address. It's easy to test for everyone. $ telnet www.some.where 80 Trying ***.***.**.3... Connected to www.some.where. Escape character is '^]'. GET / HTTP/1.0 HTTP/1.1 200 OK Server: Microsoft-IIS/4.0 Content-Location: http://192.168.10.15/index.html ... I've tested this on Japanese IIS 4.0 SP5 but I've not tested many cases yet. Please comment. I searched some informations for controlling Content-Location header. But I couldn't find its solution. I just want to hide my private address from all over the world... n-miwa@lac.co.jp ( @ @ ) http://www.lac.co.jp ------------------------------------o00o--(. .)--o00o---------------------- LAC CO.,LTD. TEL: +1-617-367-6726 FAX: +1-617-367-6726