How to remove my server IP showing in remote address?
I have already referred to this post. But my query is a little different since I want to know if I can achieve this from IIS?
Here is how the Remote Address looks like when I inspect element.
Now, the problem is the IP that is seen is of the server where all my files for the website are deployed and there are concerns from the security team as follows
The application discloses internal IP addresses which can aid attackers in mapping out the internal infrastructure of the network. This information can be used to craft other types of attacks.
Here is what I have tried so far..
So in the web.config I was able to remove some other details that were showing in the Response Headers like the asp.net version etc.
<httpProtocol>
<customHeaders>
<add name="X-UA-Compatible" value="IE=edge" />
<add name="X-Frame-Options" value="ALLOW-FROM https://dev.org.com"/>
<add name="Content-Security-Policy" value="frame-ancestors 'self' https://dev.org.com"/>
<add name="Strict-Transport-Security" value="max-age=31536000"/>
<remove name="ETag"/>
<remove name="X-AspNet-Version" />
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
My question..
I understand one solution here is to mask a Proxy IP, but if there is some sort of setting that I can apply from IIS or web.config to achieve this, then I'd prefer that.
I'm afraid IIS can't help in this case.
Because there is no server variable indicate the IP address of remote server. IIS can only help you rewrite server variable and it is obviously that Server's IP is not included in either request or response context.
I think chrome might get the value from either TCP connction or DNS response.
If you want to hide it, you may have to create a reverse proxy.
- Paging, sorting, searching on Ajax View in asp.net mvc
- System.Web.Http is missing after a .NET 4.5 upgrade
- Resx file default 'internal' to 'public'
- Include both COUNT(*) and Sum(X) in a single async query Entity Framework
- How to link HTML5 form action to Controller ActionResult method in ASP.NET MVC 4
- VS 2022 ASP.Net Core MVC Simple Bootstrap Menu Not Working
- Process.Start(...) Suddenly Fails when Called by ASP.NET MVC 5 Running in IIS on Windows 10 and Windows Server 2019
- IIS 7.5 only shows directory list or 403 instead of ASP.NET Application
- RedirectToAction with parameter
- How to validate CNIC no in mvc by regular expression
- How do I encrypt URLs in ASP.NET MVC?
- Authentication Conflict Between Two ASP.NET Apps on the Same Server Using Nginx
- Multiple Authorization attributes on method
- Replace AuthenticationHandler for integration tests
- Display enum descriptions inside razor views
- Illegal characters in path error when reading xml file
- Is it possible to use Razor View Engine outside asp.net
- is it posible to upload directly to remote server using SFTP on ASP.net MVC
- How to view ViewBag content while debugging in Visual Studio?
- row counter in mvc index view can't generate number
- How to shorten a long url in HTML <a> tag
- Adding a controller factory to ASP MVC
- What should the view file/directory structure be in ASP.NET MVC?
- Asp.Net Core - simplest possible forms authentication
- creating dynamic views at runtime asp.net mvc
- Login Page with ASP.NET Core (MVC)
- Adding Admins using Seed data Asp.net core
- How can I redirect to a view without a controller in an ASP.NET MVC application?
- How to make sure all *.cshtml files are set to be "Content" for Build Action
- How to fix the "system cannot find the file specified" error in ASP.NET MVC and SQL Server 2019