We have a customer that is being audited by a security company for the purpose of using a web based credit card payments system. The company has failed the customer on a number of issues most of which we have been able to resolve but there is one problem left which we cannot seem to fix.
The company sent us thse results:-
~$ telnet (External IP here)80
Trying (External IP here)....
Connected to (External IP here).
Escape character is '^]'.
GET / HTTP/1.0
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://10.0.0.1/remote
Server: Microsoft-IIS/8.5
Set-Cookie: ASP.NET_SessionId=ztt2gtghmbmwhos4e0kcj4or; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET Date: Wed, 29 Nov 2017 09:59:16 GMT
Connection: close
Content-Length: 140
It seems odd to us that the server is giving out an internal IP address but I'm guessing there moust be some way of telling the server to stop doing this. Most of the stuff I have found online relates to IIS 7.0 and is no help.
We need to stop this happening and would appreciate some help.
Thanks
Geoff