During a recent security scan of our IIS 6 box, it was shown that the II
Version, 6 in this case, and the Internal IP address of the box were being
shown externally.
Why would this be and how can I fix this.
The box is natted behind a firewall.
"DoktorWho"
news:DD36D2B3-9ECB-41A1-90EA-8644A6377093@microsoft.com...
> During a recent security scan of our IIS 6 box, it was shown that the II
> Version, 6 in this case, and the Internal IP address of the box were being
> shown externally.
>
> Why would this be and how can I fix this.
>
> The box is natted behind a firewall.
For IIS 5, you could control the version via URLscan. So maybe take a look
in whatever that interface was migrated to with version 6.
Thanks I will try that.
"Funkadyleik Spynwhanker" wrote:
>
> "DoktorWho"
> news:DD36D2B3-9ECB-41A1-90EA-8644A6377093@microsoft.com...
> > During a recent security scan of our IIS 6 box, it was shown that the II
> > Version, 6 in this case, and the Internal IP address of the box were being
> > shown externally.
> >
> > Why would this be and how can I fix this.
> >
> > The box is natted behind a firewall.
>
> For IIS 5, you could control the version via URLscan. So maybe take a look
> in whatever that interface was migrated to with version 6.
>
>
>
http://blogs.msdn.com/david.wang/archive/2006/03/29/Silly_Se curity_Scans.aspx
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"DoktorWho"
news:DD36D2B3-9ECB-41A1-90EA-8644A6377093@microsoft.com...
> During a recent security scan of our IIS 6 box, it was shown that the II
> Version, 6 in this case, and the Internal IP address of the box were being
> shown externally.
>
> Why would this be and how can I fix this.
>
> The box is natted behind a firewall.
http://blogs.msdn.com/david.wang/archive/2006/03/29/Silly_Se curity_Scans.aspx
There is no way to control the Server: header. URLScan makes a reasonable
attempt but will not set/remove it in all cases. And we are fine with that
because this is not a security issue, per the rationale from the blog entry.
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"DoktorWho"
news:9780DC83-3923-4385-93A5-AD81B0AFEF36@microsoft.com...
> Thanks I will try that.
>
> "Funkadyleik Spynwhanker" wrote:
>
>>
>> "DoktorWho"
>> news:DD36D2B3-9ECB-41A1-90EA-8644A6377093@microsoft.com...
>> > During a recent security scan of our IIS 6 box, it was shown that the
>> > II
>> > Version, 6 in this case, and the Internal IP address of the box were
>> > being
>> > shown externally.
>> >
>> > Why would this be and how can I fix this.
>> >
>> > The box is natted behind a firewall.
>>
>> For IIS 5, you could control the version via URLscan. So maybe take a
>> look
>> in whatever that interface was migrated to with version 6.
>>
>>
>>
Hey, that's a great rant.
Going in my bookmarks.
"David Wang [Msft]"
news:uaiRvs3UGHA.1160@TK2MSFTNGP09.phx.gbl...
> http://blogs.msdn.com/david.wang/archive/2006/03/29/Silly_Se curity_Scans.aspx
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> //
>
> "DoktorWho"
> news:DD36D2B3-9ECB-41A1-90EA-8644A6377093@microsoft.com...
>> During a recent security scan of our IIS 6 box, it was shown that the II
>> Version, 6 in this case, and the Internal IP address of the box were
>> being
>> shown externally.
>>
>> Why would this be and how can I fix this.
>>
>> The box is natted behind a firewall.
>
>