How to Hide Virtual Services IP address during a Penetration Test

Scope

During a penetration test, the IP address of your Virtual Service may be revealed. This happens when a GET / request containing no Host header is sent to port 80. The connection hits your Port 80 Redirect Virtual Service, and with no Host header to use, the only value the LoadMaster can return in the Location header is the Virtual IP.

Solution

Reconfigure the redirect URL of your Port 80 Redirect Virtual Service from https://%h%s to https://domain.com%s. The "%s" placeholder retains the path/directories.

Configuration

Navigate to your Port 80 Redirect VS > Advanced Properties > Not available Redirection Handling, then set Error Code to 302 Found and Redirect URL to https://domain.com%s.

 

