Internal IP in HTTP Location Header Response?

November 14, 2016 10:38AM
Hello - we have been dinged on our network penetration test because one of our Nginx web servers is returning the internal IP in the HTTP Location response header. This is our only Nginx server that is not acting as a reverse proxy, so I'm at a bit of a loss on how to disable Nginx returning the internal IP.

Here is the bulk of our config:

server {
    listen 192.168.1.2:80;
    server_name mydomain.com www.mydomain.com;

    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 192.168.1.2:443 ssl http2;
    server_name mydomain.com www.mydomain.com;
    ssl on;
    ssl_certificate /etc/nginx/ssl/mycert.crt;
    ssl_certificate_key /etc/nginx/ssl/mykey.key;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-A[...]
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    ssl_stapling on;
    resolver 8.8.8.8 8.8.4.4 ipv6=off;

    location / {
        add_header X-Frame-Options SAMEORIGIN;
        add_header Strict-Transport-Security max-age=31536[...]

        root /usr/share/nginx/html/;
        index index.html;
    }
}

[+] Location Header: https://192.168.1.2/images/
[+] Result for my.external.ip.address found Internal IP: 192.168.1.2
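
A re-test check for this finding, as an added example that is not part of the original post: it parses a raw HTTP response and reports any server-generated URL header whose host is a private, loopback or link-local IP literal, which is what the scanner output above flags. It goes slightly beyond the post by also checking Content-Location; the function name and the sample responses are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Response headers whose value is a URL the server builds itself.
URL_HEADERS = ("location", "content-location")


def internal_ips_in_redirect(raw_response: bytes):
    """Return [(header, ip)] for each URL header that names a non-public IP."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    findings = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() not in URL_HEADERS:
            continue
        try:
            # hostname is None for relative redirects; brackets are
            # stripped from IPv6 literals.
            host = urlsplit(value.strip()).hostname
            ip = ipaddress.ip_address(host or "")
        except ValueError:
            continue  # relative URL, DNS name or malformed value
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            findings.append((name.strip(), str(ip)))
    return findings


# Constructed sample responses (not captured from a real server).
LEAKING = (b"HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\n"
           b"Location: https://192.168.1.2/images/\r\n"
           b"Content-Length: 0\r\n\r\n")
CLEAN = LEAKING.replace(b"192.168.1.2", b"www.mydomain.com")
RELATIVE = LEAKING.replace(b"https://192.168.1.2", b"")
IPV6_ULA = LEAKING.replace(b"192.168.1.2", b"[fd00::1]")

if __name__ == "__main__":
    for label, raw in [("leaking", LEAKING), ("clean", CLEAN),
                       ("relative", RELATIVE), ("ipv6", IPV6_ULA)]:
        print(label, internal_ips_in_redirect(raw))
```

Feed it the raw response captured from the server being re-tested; an empty list means no internal address appears in the redirect headers.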
Subject Author Posted

Internal IP in HTTP Location Header Response?

mevans336 November 14, 2016 10:38AM

Re: Internal IP in HTTP Location Header Response?

mevans336 November 14, 2016 11:07AM


