Hi,
I had to run a PCI scan on our Exchange 2013 on Win12 SVR R2. I get a failed result with:
Web Server Internal IP Address/Internal Network Name Disclosure Vulnerability
GET / HTTP/1.0 HTTP/1.1 301 Moved Permanently Cache-Control: no-cache Pragma: no-cache Location: https://***.***.***.***/owa/ Server: Date: Thu, 31 May 2018 18:11:45 GMT Connection: close Content-Length: 0
When i use the URLrewrite extension for the IIS, i would not have access to the ECP.
<rewrite><outboundRules>
<remove name="Obfuscate Internal IP" />
<remove name="Server response" />
<rule name="Server response" enabled="true">
<match serverVariable="RESPONSE_SERVER" pattern=".*" />
<conditions />
<action type="Rewrite" />
</rule>
<rule name="Obfuscate Internal IP" enabled="true" patternSyntax="ECMAScript">
<match serverVariable="RESPONSE_LOCATION" pattern=".*" />
<conditions />
<action type="Rewrite" value="exchange.sessomslaw.com" replace="true" />
</rule>
</outboundRules>
</rewrite>
Help please