IIS6 is leaking IP address in header

Tags: iis-6, ip address, metabase

We are working on obtaining PCI compliance for our e-commerce website with securitymetrics.com. One last item that keeps coming up is as follows:

Synopsis : This web server leaks a private IP address through its HTTP headers.
Description : This may expose internal IP addresses that are usually hidden or masked behind a Network Address Translation (NAT) Firewall or proxy server. There is a known issue with IIS 4.0 doing this in its default configuration. This may also affect other web servers, especially on a misconfigured redirection.
See also : http://support.microsoft.com/support/kb/articles/Q218/1/80.ASP

I have implemented the changes in the MetaBase by using the adsutil.vbs script that are documented in the KB articles and have also verified these changes by using the IIS6 metabase explorer; however, we continue to fail on this item.

We are reverse hosting this site through a Fortinet firewall.

Any suggestions on something that I may be missing?

Best Answer

  • We are reverse hosting this site through a Fortinet firewall.

Do you mean port forwarding?

What version of IIS are you running?

Have you restarted the IISadmin process after configuring the changes?

Side question: Is there anything stopping you from hosting this in a DMZ?
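
One way to re-check the headers after a metabase change and service restart, as an added example that is not part of the original thread: the function below scans the header section of a captured raw HTTP response for RFC 1918 addresses, which is the condition the scan finding describes. The function name and both sample responses are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges, the addresses a NAT or reverse proxy normally hides.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Dotted quad that is not part of a longer dotted/numeric token.
IPV4_CANDIDATE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def find_private_ips(raw_response):
    """Return (header name, address) pairs for RFC 1918 addresses in the headers."""
    # Only the header section counts; stop at the first blank line.
    head = re.split(r"\r?\n\r?\n", raw_response, maxsplit=1)[0]
    findings = []
    for line in head.splitlines()[1:]:      # skip the status line
        name, sep, value = line.partition(":")
        if not sep:
            continue                        # not a "Name: value" line
        for candidate in IPV4_CANDIDATE.findall(value):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:
                continue                    # e.g. an octet above 255
            if any(addr in net for net in RFC1918):
                findings.append((name.strip(), str(addr)))
    return findings


# Constructed sample: a response whose header exposes an internal address.
LEAKY = ("HTTP/1.1 200 OK\r\n"
         "Server: Microsoft-IIS/6.0\r\n"
         "Content-Location: http://192.168.10.20/Default.htm\r\n"
         "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
         "\r\n"
         "<html>body text mentioning 172.16.0.1 is not a header</html>")

# Constructed sample: the same response with a host name in the header.
FIXED = LEAKY.replace("192.168.10.20", "www.example.com")

if __name__ == "__main__":
    for label, resp in (("leaky", LEAKY), ("fixed", FIXED)):
        print(label, find_private_ips(resp))
```

Run it against a response captured from outside the firewall, since that is the view the external scanner has.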