Facebook
TwitterHello and thank you in advance!
How do we stop Pleks's admin panel from revealing the internal IP address. Is there a separate configuration file that needs to be updated with the FQDN?
cloversecurity is my new PCI compliance overlord and they have changed a lot about what they scan.
They are reporting that the Plesk Admin Panel that runs on port 8443 reveals internal network information. The server's hostname is an externally resolvable FQDN and another test of theirs on ports 80 and 443 passes their test.
We are running the latest version of Plesk Obsidian (plesk-18026-mu1)
In their words:
CVE: CVE-2000-0649
Description: Web Server Internal IP Address/Internal Network Name Disclosure Vulnerability
Port: 8443 / tcp
Result: [the actual internal IP address of the server]
I have made an edit to /etc/sw-cp-server/config
changed:
error_page 497 https://$hostname:$server_port$request_uri;
to:
error_page 301 https://$hostname:$server_port$request_uri;
thinking that might help based on a post on this forum (article)
After making changes we have restarted plesk using: service sw-engine restart && service sw-cp-server restart
we have also rebooted the server once.
How do we stop Pleks's admin panel from revealing the internal IP address. Is there a separate configuration file that needs to be updated with the FQDN?
cloversecurity is my new PCI compliance overlord and they have changed a lot about what they scan.
They are reporting that the Plesk Admin Panel that runs on port 8443 reveals internal network information. The server's hostname is an externally resolvable FQDN and another test of theirs on ports 80 and 443 passes their test.
We are running the latest version of Plesk Obsidian (plesk-18026-mu1)
In their words:
CVE: CVE-2000-0649
Description: Web Server Internal IP Address/Internal Network Name Disclosure Vulnerability
Port: 8443 / tcp
Result: [the actual internal IP address of the server]
I have made an edit to /etc/sw-cp-server/config
changed:
error_page 497 https://$hostname:$server_port$request_uri;
to:
error_page 301 https://$hostname:$server_port$request_uri;
thinking that might help based on a post on this forum (article)
After making changes we have restarted plesk using: service sw-engine restart && service sw-cp-server restart
we have also rebooted the server once.
Last edited:
