当以下列方式将HTTP 1.0请求发送到AWS上托管的网站时;
curl -v example.com --http1.0 --header 'Accept:' --header 'Connection:' --header 'Host:'
服务器响应以下响应消息:
< HTTP/1.1 302 Found
< Cache-Control: private
< Content-Type: text/html; charset=utf-8
< Date: Thu, 03 May 2018 06:08:49 GMT
< Location: https://10.0.10.243/
< Server: Microsoft-IIS/8.5
< X-AspNet-Version: 4.0.30319
< X-AspNetMvc-Version: 5.2
< X-Powered-By: ASP.NET
< Content-Length: 137
< Connection: Close
<
<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://10.0.10.243/">here</a>.</h2>
</body></html>
* Closing connection 0
在收到此类请求时,应在AWS上做些什么来防止泄露服务器的内部IP地址?
答案 0 :(得分:2)
我认为通过配置IIS服务器,它可以减少对AWS的支持。
https://scotthelme.co.uk/hardening-your-http-response-headers/#server
答案 1 :(得分:0)
在我的系统中,它返回负载平衡器。我发现这篇文章的解释更多了-
Stop Elastic Load Balancer From Revealing Internal Private IP
这也- https://serverfault.com/questions/924733/aws-elb-returning-its-own-private-ip-address
由于它只暴露了负载均衡器,所以我认为这不是什么大问题。