[SOLVED] Nessus Security Scan Fail - Internal IP in HTTP Header
As part of our company security policy we regularly run Nessus security scanner against our servers.
Our Zimbra OSS server has failed on "HTTP Header Internal IP Disclosure" (Tenable Network Security), which basically means the internal 192.168.x.x IP of the server is being sent in an HTTP header.
On Tomcat we add a proxyName value to rewrite the header with the domain name.
But I don't know if this is possible with Jetty, or how it is done in the Zimbra Jetty.
Anyone any ideas?
Thanks
Will the external IP show in the Zimbra log?
Quote: Originally Posted by bertie_uk
In /opt/zimbra/jetty/etc/jetty.xml.in add the following lines to the <!-- user services connector, no SSL --> section:
<Set name="forwarded">true</Set>
<Set name="hostHeader">mail.domain.com</Set>
and to the <!-- user services connector, SSL --> section:
<Set name="forwarded">true</Set>
<Set name="hostHeader">mail.domain.com:443</Set>
Then restart Zimbra.
Sorry to raise an old thread, but I am wondering whether this change will allow the IP address of the client to show in mailbox.log and audit.log of Zimbra behind HTTP proxies?
For example, a failed login from IP address 99.98.97.96 which connects to proxy 111.112.113.114 will show up as a log entry like this:
Code:
2011-04-13 20:37:39,694 INFO [btpool0-36341] [name=anaccount@mydomain.tld;oip=111.112.113.114;ua=zclient/5.0.11_GA_2695.RHEL5_64;] SoapEngine - handler exception: authentication failed for anaccount, invalid password
The actual address 99.98.97.96 does not show at all. Will the change bertie_uk suggested cause that log entry to show the actual client IP address?
Thanks!
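Two checks that go with this thread, written as an added example (not code from the posts above, and not Zimbra or Nessus code). The first reproduces what the "HTTP Header Internal IP Disclosure" finding tests, so you can verify the jetty.xml.in change locally before re-running Nessus: scan response headers for RFC 1918, loopback and link-local IPv4 addresses. The second parses the name=/oip=/ua= context block of a mailbox.log line like the one quoted in the second post, so you can compare the address the mailbox server recorded against your proxy addresses. The header samples (BEFORE_FIX/AFTER_FIX), the 192.168.10.20 address, the host mail.domain.com and the fetch_headers() helper are assumptions made for the example; the log line is the one from the post.

```python
"""Offline checks for the Nessus finding and the mailbox.log question.
Added example; sample headers are constructed, the log line is from the thread."""
import http.client
import ipaddress
import re
from typing import Dict, Iterable, List, Optional

# Address ranges that should never show up in a header sent to the Internet.
INTERNAL_NETS = [ipaddress.IPv4Network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8",                                      # loopback
    "169.254.0.0/16",                                   # link-local
)]

# Headers worth scanning; a redirect built from the bound address leaks via Location.
HEADERS_TO_CHECK = {"location", "content-location", "via", "server", "set-cookie"}

_IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def is_internal(ip_text: str) -> bool:
    """True if ip_text is a valid IPv4 address inside one of INTERNAL_NETS."""
    try:
        ip = ipaddress.IPv4Address(ip_text)
    except ValueError:          # e.g. "999.1.1.1" matched by the loose regex
        return False
    return any(ip in net for net in INTERNAL_NETS)


def check_headers(headers: Dict[str, str]) -> List[str]:
    """Return 'Header: ip' for every internal IPv4 address found in the headers."""
    findings = []
    for name, value in headers.items():
        if name.lower() not in HEADERS_TO_CHECK:
            continue
        for ip_text in _IPV4_RE.findall(value):
            if is_internal(ip_text):
                findings.append(f"{name}: {ip_text}")
    return findings


def fetch_headers(host: str, port: int, path: str = "/zimbra", use_tls: bool = True) -> Dict[str, str]:
    """Fetch live response headers (needs network; not used by the samples below).
    Requesting a directory without its trailing slash is one way to provoke the
    redirect whose Location header carries the server's own address."""
    conn_cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = conn_cls(host, port, timeout=10)
    try:
        conn.request("GET", path, headers={"Host": host})
        return dict(conn.getresponse().getheaders())
    finally:
        conn.close()


# Constructed: a redirect rebuilt from the interface the connector is bound to.
BEFORE_FIX = {
    "Server": "Jetty",
    "Location": "http://192.168.10.20/zimbra/",
    "Set-Cookie": "ZM_TEST=true;Secure",
}
# Constructed: the same redirect once the connector uses the public host name.
AFTER_FIX = {
    "Server": "Jetty",
    "Location": "https://mail.domain.com:443/zimbra/",
    "Set-Cookie": "ZM_TEST=true;Secure",
}

# The mailbox.log line quoted in the thread; the oip shown is the proxy's address.
LOG_LINE = (
    "2011-04-13 20:37:39,694 INFO [btpool0-36341] "
    "[name=anaccount@mydomain.tld;oip=111.112.113.114;ua=zclient/5.0.11_GA_2695.RHEL5_64;] "
    "SoapEngine - handler exception: authentication failed for anaccount, invalid password"
)

_CTX_RE = re.compile(r"\[((?:[A-Za-z]+=[^;\]]*;)+)\]")


def parse_log_context(line: str) -> Dict[str, str]:
    """Return the key=value context block ([name=..;oip=..;ua=..;]) of a mailbox.log line."""
    m = _CTX_RE.search(line)
    if not m:
        return {}
    fields = {}
    for item in m.group(1).split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            fields[key] = value
    return fields


def classify_logged_ip(line: str, proxy_ips: Iterable[str]) -> Optional[str]:
    """'proxy' if the logged oip is a known proxy address, 'client' otherwise,
    None if the line carries no oip field."""
    oip = parse_log_context(line).get("oip")
    if oip is None:
        return None
    return "proxy" if oip in set(proxy_ips) else "client"


if __name__ == "__main__":
    print("before fix:", check_headers(BEFORE_FIX))
    print("after fix: ", check_headers(AFTER_FIX))
    print("logged address is the", classify_logged_ip(LOG_LINE, {"111.112.113.114"}))
```

To use it against a real server, call fetch_headers("mail.domain.com", 443) from the outside and pass the result to check_headers(); an empty list is what you want to see before re-running the scan. Running classify_logged_ip() over your own mailbox.log lines with the proxy addresses you know tells you whether the recorded oip is still the proxy, which is the only thing this script can answer about the second question.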