Web Server Internal IP Address/Internal Network Name Disclosure Vulnerability

Mon Yang treomon at gmail.com
Sat May 28 08:02:08 MSD 2011


Sorry...  FQDN = nginx server itself or the backend mail server?

Or, can you tell me how to change 3xx error message, since it might be
safer so it won't break things?

Thank you.

On Fri, May 27, 2011 at 9:50 AM, Igor Sysoev <igor at sysoev.ru> wrote:
> On Fri, May 27, 2011 at 09:24:09AM -0700, Mon Yang wrote:
>> Hi,
>>
>> I did QualysGuard scan and it says "Web Server Internal IP
>> Address/Internal Network Name Disclosure Vulnerability".  It suggest
>> for Apache, I need to:
>>
>>
>> For Apache Web Server:
>> Modify the Apache configuration file as follows:
>> - Set "ServerName" to a proper FQDN.
>> or
>> - Use module mod_rewrite to modify the 3xx error message returned by the server.
>>
>> So what I need to do in nginx to fix this issue?  Thank you.
>
> If you proxy server via nginx, then probably something like this:
>
> server {
>    server_name  FQDN;
>
>    location / {
>        proxy_pass      http://backend;
>        proxy_redirect  http://FQDN/  http://backend/;
>    }
> }
>
>
> --
> Igor Sysoev
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
>



More information about the nginx mailing list