IIS 6.0 leaks internal IP address in Content-Location header

28 Jul 2006 3:48 PM

Andrew Head

Hello,

I have an IP leak problem running IIS 6.0 on W2K3 SP1. I have followed
recomendations in KB218180 and KB834141 and configured SetHostName so that
my websites do
not return internal IP addresses. I have also configured host headers for
my websites.

But, my server still returns a private IP in the response to the following
request:
HEAD / HTTP/1.0

I can't find any other solutions beyond the above. Does anyone have any
suggestions?

31 Jul 2006 11:14 AM

Daniel Crichton

Show quote Hide quote

"Andrew Head" <AndrewH***@discussions.microsoft.com> wrote in message
news:B05A112E-88E6-4A36-9237-8591136686CB@microsoft.com...
> Hello,
>
> I have an IP leak problem running IIS 6.0 on W2K3 SP1. I have followed
> recomendations in KB218180 and KB834141 and configured SetHostName so that
> my websites do
>
>
> not return internal IP addresses. I have also configured host headers for
> my websites.
>
> But, my server still returns a private IP in the response to the following
> request:
> HEAD / HTTP/1.0
>
> I can't find any other solutions beyond the above. Does anyone have any
> suggestions?
>

KB218180 is for IIS4 and IIS5.

KB834141 is for IIS6, but also requires the hotfix. However, that hotfix is
pre-SP1 - SP1 includes newer versions of both of those files.

I remember going through both of those articles, and some others. If I
remember, I'll post details. As of right now, there is no Content-Location:
header returned by my sites - and I don't have a custom ISAPI dll installed.

Dan