Penetration Test Virtual IP Revealed

Scope

During a penetration test, your Virtual IP may be revealed. This happens when a port 80 GET / request containing no Host header is sent. The connection hits your Port 80 Redirect Virtual Service, and with no Host header to work from, the only value the LoadMaster can return in the Location header is the Virtual IP.

Solution

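Reconfigure your Port 80 Redirect Virtual Service from https://%h%s to https://domain.com%s (substituting your own hostname for domain.com). With the hostname hard-coded, the Location header no longer depends on the request's Host header. The "%s" placeholder retains the path/directories.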

Configuration

Navigate to your Port 80 Redirect VS > Advanced Properties > Not available Redirection Handling, then set Error Code to 302 Found and Redirect URL to https://domain.com%s.
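
To confirm the change took effect, the following added example (not part of the original article or any Kemp tooling) sends the Host-less GET / described under Scope and reports whether the Location header still carries an IP literal. The function names and the two sample responses are constructed for illustration; 192.0.2.10 is a documentation address standing in for the Virtual IP.

```python
import ipaddress
import socket
import sys
from urllib.parse import urlsplit

# Constructed sample responses (192.0.2.10 is a documentation address).
BEFORE = "HTTP/1.1 302 Found\r\nLocation: https://192.0.2.10/\r\nContent-Length: 0"
AFTER = "HTTP/1.1 302 Found\r\nLocation: https://domain.com/\r\nContent-Length: 0"

def fetch_head(vip, port=80, timeout=5.0):
    """Send 'GET /' with no Host header and return the response headers."""
    with socket.create_connection((vip, port), timeout=timeout) as sock:
        sock.sendall(b"GET / HTTP/1.0\r\n\r\n")
        data = b""
        while b"\r\n\r\n" not in data and len(data) < 65536:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return data.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")

def location_of(head):
    """Return the Location header value, or None if absent."""
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            return value.strip()
    return None

def leaked_ip(head):
    """Return the IP literal used as the Location host, or None."""
    host = urlsplit(location_of(head) or "").hostname
    try:
        return str(ipaddress.ip_address(host)) if host else None
    except ValueError:
        return None  # host is a name such as domain.com

if __name__ == "__main__":
    heads = {"before": BEFORE, "after": AFTER}
    if len(sys.argv) > 1:  # optional: address of your own redirect VS
        heads = {sys.argv[1]: fetch_head(sys.argv[1])}
    for label, head in heads.items():
        print(label, location_of(head), "LEAK" if leaked_ip(head) else "ok")
```

Run without arguments it checks the two constructed responses; pass the address of your own Port 80 Redirect Virtual Service to check the live redirect.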

 
