How to Hide Virtual Services IP address during a Penetration Test
Scope
During a penetration test, the Virtual IP of a Virtual Service can be revealed. This happens when a GET / request containing no Host header is sent to port 80. The connection hits your Port 80 Redirect Virtual Service, and with no Host header available to fill in %h, the only value the LoadMaster can return in the Location header is the Virtual IP.
Solution
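Reconfigure the redirect URL of your Port 80 Redirect Virtual Service from https://%h%s to https://domain.com%s, so that the host name in the redirect is fixed rather than taken from the request. "%s" retains the path/directories.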
Configuration
Navigate to your Port 80 Redirect VS > Advanced Properties > Not available Redirection Handling > Error Code: 302 Found, Redirect URL = https://domain.com%s.
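To confirm the change, the following added example (not part of the original article or of the LoadMaster product) sends the same Host-less GET / request and reports whether the Location header still contains an IP literal. The function names and the sample responses are constructed for illustration; `probe()` takes the address of your own Virtual Service.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def location_of(raw: bytes):
    """Return the Location header value from a raw HTTP response, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            return value.strip()
    return None


def leaks_ip(raw: bytes) -> bool:
    """True if the redirect target's host is an IP literal instead of a name."""
    location = location_of(raw)
    if not location:
        return False
    host = urlsplit(location).hostname            # strips port and IPv6 brackets
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def probe(address: str, port: int = 80, timeout: float = 5.0) -> bytes:
    """Send an HTTP/1.0 GET / with no Host header and return the raw response."""
    with socket.create_connection((address, port), timeout=timeout) as s:
        s.sendall(b"GET / HTTP/1.0\r\n\r\n")
        chunks = []
        while chunk := s.recv(4096):
            chunks.append(chunk)
    return b"".join(chunks)


# Constructed sample responses (not captured from a real LoadMaster).
BEFORE = b"HTTP/1.1 302 Found\r\nLocation: https://192.0.2.10/\r\nContent-Length: 0\r\n\r\n"
AFTER = b"HTTP/1.1 302 Found\r\nLocation: https://domain.com/\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("https://%h%s", BEFORE), ("https://domain.com%s", AFTER)):
        print(label, "->", location_of(raw), "LEAK" if leaks_ip(raw) else "ok")
```

Against a live Virtual Service, `leaks_ip(probe("<address of your Virtual Service>"))` should return False once the redirect URL has been changed.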