Reference:
Nessus vulnerability report
Web Server HTTP Header Internal IP Disclosure
Description
This may expose internal IP addresses that are usually hidden or masked behind a Network Address Translation (NAT) Firewall or proxy server.
There is a known issue with Microsoft IIS 4.0 doing this in its default configuration. This may also affect other web servers, web applications, web proxies, load balancers and through a variety of misconfigurations related to redirection.
Solution
Apply configuration suggested by vendor.
See Also
http://www.nessus.org/u?fe24f941
https://support.microsoft.com/en-us/help/218180
http://www.nessus.org/u?4eedfe2d
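Situation:
This machine is an Nginx reverse proxy, with an IIS web service behind it.
I originally thought this was an IIS problem, but scanning IIS directly did not find this vulnerability, so I concluded that it is an Nginx problem.
Solution:
In the Nginx config, set:
server_name mydomain.com;
server_name_in_redirect on;
Restart the nginx service, then rescan to confirm that it is fixed.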
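The fix can also be checked without a full rescan by looking for RFC 1918 addresses in the response headers of the proxy. The Python below is an added example, not part of the original post or of Nessus; the sample responses and the address 192.168.10.5 are constructed, and mydomain.com is the placeholder name used above.

```python
import ipaddress
import re

# RFC 1918 ranges: the addresses NAT or a reverse proxy is expected to hide.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Dotted-quad candidates; longer dotted runs such as 1.2.3.4.5 are rejected.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?!\.?\d)")

def parse_headers(raw_head):
    """Return (name, value) pairs from a raw response head, skipping the status line."""
    headers = []
    for line in raw_head.replace("\r\n", "\n").split("\n")[1:]:
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers

def find_internal_ips(raw_head):
    """Return (header, ip) for each RFC 1918 address found in a header value."""
    findings = []
    for name, value in parse_headers(raw_head):
        for candidate in IPV4_RE.findall(value):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # octet out of range, not an address
            if any(addr in net for net in RFC1918):
                findings.append((name, candidate))
    return findings

# Constructed sample responses (not captured from a real server).
SAMPLE_BEFORE = ("HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\n"
                 "Location: http://192.168.10.5/images/\r\n\r\n")
SAMPLE_AFTER = ("HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\n"
                "Location: http://mydomain.com/images/\r\n\r\n")

if __name__ == "__main__":
    for label, head in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, find_internal_ips(head) or "no internal address in headers")
```

Feed `find_internal_ips` the response head saved from your own proxy before and after the configuration change; an empty list means no header value carries a private address.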