
Thread: [SOLVED] Nessus Security Scan Fail - Internal IP in HTTP Header

  1. #1 bertie_uk (Senior Member, Manchester, UK)

    As part of our company security policy we regularly run Nessus security scanner against our servers.

    Our Zimbra OSS has failed on "HTTP Header Internal IP Disclosure", which basically means the internal 192.168.x.x IP of the server is being sent in the HTTP header.

    On Tomcat we add a proxyName value to rewrite the header with the domain name.

    But I don't know if this is possible with Jetty, or how it is done in the Zimbra Jetty.

    Anyone any ideas?

    Thanks

  2. #2 phoenix (Zimbra Consultant & Moderator, Vannes, France)

    Why don't you just disable the x-originating-ip in the Admin UI or is there some other IP showing?
    Regards

    Bill

  3. #3 bertie_uk (Senior Member, Manchester, UK)

    It's not in the email header, but the HTTP header returned from Jetty.

    I have the option you describe disabled already.

    Thanks

    bertie

  4. #4 bertie_uk (Senior Member, Manchester, UK)

    Found a solution. Similar to the Tomcat method.

    In /opt/zimbra/jetty/etc/jetty.xml.in add the following lines to the <!-- user services connector, no SSL --> section:

    <Set name="forwarded">true</Set>
    <Set name="hostHeader">mail.domain.com</Set>


    and to the <!-- user services connector, SSL --> section:

    <Set name="forwarded">true</Set>
    <Set name="hostHeader">mail.domain.com:443</Set>

    Then restart Zimbra.

    Don't use the jetty.xml as this is overwritten by the .in version when Zimbra restarts.

    Bertie
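    The scanner finding above can be reproduced from the command line, which is also the quickest way to confirm the jetty.xml.in change took. The script below is an added example, not code from the thread, from Nessus or from Zimbra: one common form of this check sends an HTTP/1.0 GET with no Host header, which is the condition under which a server that builds its redirect URL from its own bound address rather than from the client's Host header leaks that address in the Location header. The script sends that request to ports 80 and 443 and reports any RFC 1918 or loopback address found in the response headers. The two embedded responses and the mail.domain.com name are constructed for illustration.

```python
"""Reproduce the 'HTTP header internal IP disclosure' check against a web server.

Added example, not from the thread or from Zimbra/Jetty. Sends a GET with no
Host header and reports RFC 1918 / loopback addresses found in the response
header block. Run it before and after the jetty.xml.in change.
"""
import ipaddress
import re
import socket
import ssl
import sys

# RFC 1918 plus loopback; a match in a response header is the scanner's finding.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Loose dotted-quad matcher; candidates are validated by ipaddress below.
DOTTED_QUAD = re.compile(r"(?<!\d)(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")


def is_internal(addr: str) -> bool:
    """True for RFC 1918 and loopback IPv4 addresses, False for anything else."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False          # e.g. "999.1.1.1" slipped through the regex
    return any(ip in net for net in PRIVATE_NETS)


def private_ips_in_headers(raw: bytes) -> list:
    """Return the internal IPv4 addresses in the header block of a raw HTTP response.

    Only the header block (up to the first blank line) is scanned, which is what
    the finding is about; anything in the body is ignored.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1", "replace")
    found = []
    for m in DOTTED_QUAD.finditer(head):
        if is_internal(m.group(0)) and m.group(0) not in found:
            found.append(m.group(0))
    return found


def probe(host: str, port: int, use_tls: bool, timeout: float = 5.0) -> bytes:
    """Send a Host-less HTTP/1.0 GET and return the raw response bytes."""
    sock = socket.create_connection((host, port), timeout=timeout)
    if use_tls:
        # SNI still carries the name so a name-based vhost answers; the HTTP
        # Host header is what is deliberately left out.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE   # self-signed certs must not mask the header check
        sock = ctx.wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(b"GET / HTTP/1.0\r\n\r\n")
        chunks = []
        while True:
            try:
                data = sock.recv(4096)
            except socket.timeout:
                break
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


# Constructed sample responses (not captured from a real server): a redirect
# that leaks an internal address, and the same redirect after a fixed host name is used.
LEAKING_RESPONSE = (b"HTTP/1.1 302 Found\r\n"
                    b"Location: https://192.168.10.5/zimbra/\r\n"
                    b"Content-Length: 0\r\n\r\n")
CLEAN_RESPONSE = (b"HTTP/1.1 302 Found\r\n"
                  b"Location: https://mail.domain.com/zimbra/\r\n"
                  b"Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    if len(sys.argv) < 2:
        for label, raw in (("leaking", LEAKING_RESPONSE), ("clean", CLEAN_RESPONSE)):
            print(label, private_ips_in_headers(raw))
        sys.exit(0)
    target = sys.argv[1]
    for port, tls in ((80, False), (443, True)):
        try:
            leaked = private_ips_in_headers(probe(target, port, tls))
        except OSError as exc:
            print(f"{target}:{port} unreachable: {exc}")
            continue
        print(f"{target}:{port} -> " + ("FAIL " + ", ".join(leaked) if leaked else "PASS"))
```

    Usage: `python3 check_ip_leak.py mail.domain.com` prints PASS or FAIL per port; with no argument it runs over the two embedded samples. Two Jetty points worth knowing when applying the fix above: `hostHeader` makes the connector treat every request as if it carried that Host value, which is why the Location header stops being built from the bound address, and `forwarded=true` makes Jetty take the client address, host and port from X-Forwarded-* headers of whoever connects, so a connector with that setting should only be reachable from the proxy it is meant to sit behind.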

  5. #5 bertie_uk (Senior Member, Manchester, UK)

    P.s. Seems a Zimbra upgrade removes this.

  6. #6 arifsaha (Member)

    Quote Originally Posted by bertie_uk:
    P.s. Seems a Zimbra upgrade removes this.
    That's normal Zimbra behaviour, BTW.

  7. #7 arifsaha (Member)

    Will the external IP show in Zimbra log?

    Quote Originally Posted by bertie_uk:
    In /opt/zimbra/jetty/etc/jetty.xml.in add the following lines to the <!-- user services connector, no SSL --> section:
    <Set name="forwarded">true</Set>
    <Set name="hostHeader">mail.domain.com</Set>
    and to the <!-- user services connector, SSL --> section:
    <Set name="forwarded">true</Set>
    <Set name="hostHeader">mail.domain.com:443</Set>
    Then restart Zimbra.
    Sorry to raise an old thread, but I am wondering whether this change will allow the IP address of the client to show in mailbox.log and audit.log of Zimbra behind HTTP proxies?

    For example, a failed login from IP address 99.98.97.96 which connects to proxy 111.112.113.114 will show up as a log entry like this:
    Code:
    2011-04-13 20:37:39,694 INFO  [btpool0-36341] [name=anaccount@mydomain.tld;oip=111.112.113.114;ua=zclient/5.0.11_GA_2695.RHEL5_64;] SoapEngine - handler exception: authentication failed for anaccount, invalid password
    The actual address 99.98.97.96 does not show at all. Will the change bertie_uk suggested cause the log entry to show the actual client IP address?

    Thanks!
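    A quick way to tell whether the situation described in the post above applies to a given mailbox.log is to group authentication failures by the oip field and see whether they all collapse onto the proxy's address. The script below is an added example, not code from the thread or from Zimbra. The line format follows the entry quoted above; oip is treated here as the address the mailbox server saw for the connection, which is an assumption about the deployment rather than something the thread states. The sample log lines are constructed, with 203.0.113.7 taken from the documentation range.

```python
"""Group Zimbra mailbox.log authentication failures by originating IP (oip).

Added example, not code from the thread or from Zimbra. The line format
follows the entry quoted in the post above; the log lines are constructed.
"""
import re
from collections import Counter

# 2011-04-13 20:37:39,694 INFO  [btpool0-36341] [name=...;oip=...;ua=...;] SoapEngine - ...
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"(?P<level>[A-Z]+)\s+\[(?P<thread>[^\]]*)\] \[(?P<ctx>[^\]]*)\] (?P<msg>.*)$"
)

AUTH_FAIL = "authentication failed for"


def parse_line(line: str):
    """Return ts, level, thread, msg plus the key=value context fields, or None if unparsable."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    # The bracketed context is "key=value;key=value;" with a trailing separator.
    for item in rec.pop("ctx").split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            rec[key.strip()] = value.strip()
    return rec


def failed_logins_by_oip(lines) -> Counter:
    """Count authentication failures per oip; lines without an oip count under 'unknown'."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and AUTH_FAIL in rec["msg"]:
            counts[rec.get("oip", "unknown")] += 1
    return counts


def masked_by_proxy(counts: Counter, proxy_addrs) -> bool:
    """True when every failure is attributed to a proxy address, i.e. real client IPs are not reaching the log."""
    return bool(counts) and all(ip in proxy_addrs for ip in counts)


# Constructed sample (assumption, not a real capture): two failures seen via the proxy
# at 111.112.113.114, one failure and one unrelated line from a direct client.
SAMPLE_LOG = [
    "2011-04-13 20:37:39,694 INFO  [btpool0-36341] [name=anaccount@mydomain.tld;oip=111.112.113.114;ua=zclient/5.0.11_GA_2695.RHEL5_64;] SoapEngine - handler exception: authentication failed for anaccount, invalid password",
    "2011-04-13 20:37:41,102 INFO  [btpool0-36342] [name=anaccount@mydomain.tld;oip=111.112.113.114;ua=zclient/5.0.11_GA_2695.RHEL5_64;] SoapEngine - handler exception: authentication failed for anaccount, invalid password",
    "2011-04-13 20:38:05,310 INFO  [btpool0-36350] [name=other@mydomain.tld;oip=203.0.113.7;ua=zclient/5.0.11_GA_2695.RHEL5_64;] SoapEngine - handler exception: authentication failed for other, invalid password",
    "2011-04-13 20:38:06,001 INFO  [btpool0-36351] [name=other@mydomain.tld;oip=203.0.113.7;] SoapEngine - some other message",
]

if __name__ == "__main__":
    counts = failed_logins_by_oip(SAMPLE_LOG)
    for ip, n in counts.most_common():
        print(f"{ip:>16}  {n} failed login(s)")
    print("all failures attributed to proxy:", masked_by_proxy(counts, {"111.112.113.114"}))
```

    Point the loop at the real file with `failed_logins_by_oip(open("/opt/zimbra/log/mailbox.log"))`. If `masked_by_proxy` is true for the proxy addresses in use, the log is recording where the connection came from, not who made it, and per-client lockout or alerting based on oip will not work.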

  8. #8 j2b (Special Member, Latvia)

    Please see your other request: http://www.zimbra.com/forums/install...tml#post231043

  9. #9 stasouv (Active Member)

    For Zimbra 8.0.2, this post was not 100% helpful.

    Workaround I posted on the other thread:
    http://www.zimbra.com/forums/install...tml#post256357
