On Sat, Mar 9, 2019 at 9:06 AM DHAVAL JAISWAL <[email protected]> wrote:
> While doing a network scan, it's showing an internal IP disclosure vulnerability.
> This internal IP is of the ELB and not the HAProxy server.
>
> It is showing the vulnerability on port 80. Following are the steps to reproduce.
>
> Can someone help me to fix this?


Based on the source code of that script the leak seems to be based on
the `Location` header used in redirecting HTTP to HTTPS:
  ( https://svn.nmap.org/nmap/scripts/http-internal-ip-disclosure.nse )


However that happens only when the client doesn't send the `Host` header:

  printf 'GET / HTTP/1.0\r\n\r\n' \
  | socat stdio tcp:viacom-214916319.ap-south-1.elb.amazonaws.com:80


Could you perhaps take a look at the HAProxy configuration where
you're doing HTTPS redirects?


Ciprian.
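
A way to re-check the redirect after changing the HAProxy configuration, as an added example that is not part of the original message: it sends the same Host-less HTTP/1.0 request and reports a private IP literal found in the `Location` header. The function names and the sample responses are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

PROBE = b"GET / HTTP/1.0\r\n\r\n"  # same request as the printf above: no Host header


def location_header(raw: bytes):
    """Return the Location header value from a raw HTTP response, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            return value.strip()
    return None


def leaked_private_ip(raw: bytes):
    """Return the private IP literal used as the redirect host, or None."""
    location = location_header(raw)
    if not location:
        return None
    try:
        host = urlsplit(location).hostname       # None for relative redirects
        addr = ipaddress.ip_address(host or "")
    except ValueError:
        return None                              # a DNS name or malformed URL
    # is_private covers the RFC 1918 ranges plus other non-public ranges
    # such as loopback and link-local.
    return str(addr) if addr.is_private else None


def probe(host: str, port: int = 80, timeout: float = 5.0) -> bytes:
    """Send the Host-less request to a server you operate; return the raw reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(PROBE)
        chunks = []
        while chunk := s.recv(4096):
            chunks.append(chunk)
    return b"".join(chunks)


# Constructed sample responses (not captured from the server in this thread).
LEAKY = b"HTTP/1.0 302 Found\r\nLocation: https://10.0.1.25/\r\nConnection: close\r\n\r\n"
CLEAN = b"HTTP/1.0 302 Found\r\nLocation: https://www.example.com/\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("leaky", LEAKY), ("clean", CLEAN)):
        print(label, "->", leaked_private_ip(raw))
```

Run `leaked_private_ip(probe("your-elb-name"))` against your own load balancer before and after the configuration change; `None` means the redirect no longer carries an internal address.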
