How to Hide Virtual Services IP address during a Penetration Test when SubVS are configured.
Information
Summary:
How to Hide Virtual Services IP address during a Penetration Test when SubVS are configured.
Environment:
Product: LoadMaster Version: Any Platform: Any Application: Any
Question/Problem Description:
An HTTPS Virtual IP hosts multiple SubVSs for different domains. What should be entered as the redirect URL (https://domain.com%s)?
Resolution:
During a penetration test, your Virtual IP may be revealed, for example in the response to a request made with an empty Host header.
Create a content rule for your redirect SubVS.
After enabling, add the created content rule to the redirect VS, and select the default rule for the other VS. Once this is done, on the SubVS with the matching content rule, set the 302 redirect to https://%h%s. On the SubVS with the default rule, change the 302 to a 403. This blocks requests made with empty Host headers, so your Virtual IP is not revealed during a penetration test.
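One way to confirm the change took effect, as an added example that is not part of the original article or vendor code: it checks that an empty Host header gets a 403 with no Location naming the Virtual IP, and that a named host still gets its 302. The address 203.0.113.10, the host app.example.com, HTTPS on port 443 and all function names are assumptions.

```python
import http.client
import ssl
from urllib.parse import urlsplit

VIP = "203.0.113.10"  # constructed documentation address, stands in for your Virtual IP

def exposes_vip(location, vip):
    """True if a Location header value names the Virtual IP as its host."""
    return bool(location) and urlsplit(location).hostname == vip

def evaluate(host, status, location, vip):
    """Compare one response with the behaviour the resolution describes."""
    if exposes_vip(location, vip):
        return "FAIL: Location reveals the Virtual IP"
    if not host:
        # SubVS with the default rule: an empty Host header should get a 403.
        return "OK" if status == 403 else f"FAIL: expected 403, got {status}"
    # SubVS with the content rule: https://%h%s keeps the client on its own host.
    if status == 302 and urlsplit(location or "").hostname == host:
        return "OK"
    return f"FAIL: expected 302 to https://{host}, got {status} {location}"

def probe(vip, host, path="/", port=443, timeout=5):
    """Send one GET to the Virtual IP with the given (possibly empty) Host header."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # connecting by IP, the certificate name will not match
    ctx.verify_mode = ssl.CERT_NONE
    conn = http.client.HTTPSConnection(vip, port, timeout=timeout, context=ctx)
    try:
        conn.putrequest("GET", path, skip_host=True)  # suppress the automatic Host header
        conn.putheader("Host", host)
        conn.endheaders()
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

# Constructed (host, status, Location) samples, not captured LoadMaster output.
SAMPLES = [
    ("", 302, "https://203.0.113.10/login"),   # empty Host, Virtual IP echoed back
    ("", 403, None),                            # empty Host, blocked as intended
    ("app.example.com", 302, "https://app.example.com/login"),
]

def run_samples():
    return [evaluate(host, status, loc, VIP) for host, status, loc in SAMPLES]

if __name__ == "__main__":
    print("\n".join(run_samples()))
    # On your own LoadMaster: print(evaluate("", *probe(VIP, ""), VIP))
```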