Issue:
In IIS (and other web servers) a Content-Location header is added to the response of every HTTP request made to the web server. This header may expose internal IP addresses that are typically hidden or masked behind a Network Address Translation (NAT) Firewall or a proxy server.
Example:
HTTP/1.1 200 OK
Server: Microsoft-IIS/4.0
Content-Location: http://10.1.1.1/Default.htm
Date: Thu, 18 Feb 1999 14:03:52 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Wed, 06 Jan 1999 18:56:06 GMT
ETag: "067d136a639be1:15b6"
Content-Length: 4325
In this example, the Content-Location specifies the private internal address of the IIS computer in the header. This header is then unchanged when it passes through a firewall or proxy server. Therefore, the security of the internal network may be compromised by exposing the network addresses that are being used.
Cause:
In Internet Information Server (IIS), by default the Content-Location references the IP address of the server instead of the Fully Qualified Domain Name (FQDN) or Hostname.
Solution:
Method 1 (HTTP Only)
IIS 4.0 and 5.x
http://support.microsoft.com/kb/218180
IIS 6.0
http://support.microsoft.com/kb/834141/
Method 2 (HTTP and SSL)
Specify the desired value for both Location and Content-Location in the Custom HTTP Headers section of the IIS site properties. This will return the configured values in the TCP responses and will effectively hide the internal IP address on the HTTP or SSL responses.
This solution should work with other web servers as well, but may cause issues with some web browsers.
More Information:
Hypertext Transfer Protocol -- HTTP/1.1