IIS 6.0 content-location field FIXED !!!

There was a problem with content-location IIS 6.0, as the header may reveal IP address information, for example:

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
Content-Location: http://10.1.1.1/Default.htm
Date: Friday, 10 June 2004 11:03:22 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Friday, 10 June 2004 11:00:05 GMT
ETag: "067f136a639be1:12c5"
Content-Length: 4123

Previously, in IIS 5.0 and 4.0, you can set the UseHostName to TRUE to replace the internal IP address with the FQDN of the site. I talked about this before. However this is not available for IIS 6.0, last I heard that this will be fix in SP1. But today, I found this kb:
834141 FIX: IP address is revealed in the content-location field in the TCP header in IIS 6.0

So Microsoft is releasing it first, but you have to ring PSS to get the fix. The other work around is to configure Host Header for the site.

Published Fri, Jun 11 2004 16:49 by bernard
Filed under: ,

Comments

# TrackBack said on 14 June, 2004 11:07 AM
re: [Secur] KB:834141 FIX: IP address is revealed in the content-location field in the TCP header in IIS 6.0
# Easa said on 15 September, 2006 02:21 AM
Hi After adding the UseHostName and setting it to 1 on IIS Metabase for /LM/W3SVC level, i'm still able to see IP address in the content-location header. I accessed the web server using the IP address. Can you please clarify why IP address is revealed. Thanks Easa
# qbernard said on 16 September, 2006 12:33 AM

Did you get the hotfix from MS ? It's been awhile, not sure if MS include this fix in w2k3 sp1. anywhere. assuming you got the fix and after followed the steps, did you restart the computer?

News

Search

Go

This Blog

Tags

Archives

IIS Sites

MVPs - MVPs

IIS Related

Syndication