When someone portscans your IIS 5.0 Windows 2000 Server or observes the packets sent from your server, he or she can see the internal IP address of your Web server. If you use NAT, other users will be able to see your internal IP address in the packet header. Someone who is serious about hacking your Web server might find this information useful.
If you decide that you want to put a stop to this behavior, you can configure IIS 5.0 to return a URL instead of the IP address in the Content-Location header. Follow these steps to configure IIS:
- Open the command prompt.
- Change the directory to \inetpub\adminscripts.
- Type adsutil set w3svc/UseHostName True. (Notice that there isn't a space between w3svc and /UseHostName.)
- Restart the Web server service.
HTTP packets will no longer contain the internal IP address of your Web server.
Of course, if your server isn't behind NAT and you use public IP addresses, then you don't need to change anything. Public IP addresses are visible, which is something you can't change.
Miss a column?
Check out the Windows 2000 Server archive, and catch up on the all the W2K Server columns.
Want more Win2K tips and tricks? Automatically sign up for our free Windows 2000 Server newsletter, delivered each Tuesday!