We had a security audit and one of the items they identified using WebInspect is this:
"IIS Missing Host Header Internal IP Address Disclosure. Apply the configuration changes described in Microsoft Knowledge Base article Q218180 or 967342 depending on your version of IIS."
This update was released on 2/5/2009. This was an update for Windows Server 2008. We have Windows Server R2 which was released on 10/22/2009 and thus it already contains this update. However, Micosoft says that after intstalling this update the following command needs to be run:
appcmd.exe set config -section:system.webServer/serverRuntime /alternateHostName:"<Server Name>" /commit:apphost
Which config file does this update? I want to be sure that if I run this command and then we start experiencing some problems then I will be able to undo this change. So, I either need to a command that will undo this change or (preferably) know the location of the config file that gets updated.
thanks,