Results 1 to 2 of 2

Thread: HTTP Redirect headers

  1. #1
    Join Date
    Mar 2007
    Location
    Austin
    Posts
    441
    Rep Power
    8

    Default HTTP Redirect headers

    We had a security audit done on our external IPs, and the only thing it saw from Zimbra was the following:

    Tenable Network Security

    Which says that the web server reveals the internal IP in the headers. I had to check to make sure (especially since I upgraded to 5.0.9 right after he did the audit) and got the following response:

    Code:
    # telnet mail.domain.com 80
    Trying 245.23.23.23...
    Connected to mail.domain.com.
    Escape character is '^]'.
    GET / HTTP/1.0
    
    HTTP/1.1 302 Found
    Content-Length: 0
    Location: https://192.168.1.36:443/zimbra/
    I don't really see this as a problem, but I'd change it if I can. If only to make the auditors happy. I saw some references to potentially editing my /opt/zimbra/conf/httpd.conf file, but I try to make as few changes as I can to ZCS's config files by hand.

    I'd assume that someone else will see this at some point, and the SOX people will probably want an answer. Is there a way to fix this without hand-editing configs? Not that I won't, just that I don't want to have to add to my list of customizations for every time I upgrade Zimbra if I can avoid it.

  2. #2
    Join Date
    Mar 2007
    Location
    Austin
    Posts
    441
    Rep Power
    8

Similar Threads

  1. Redirect http to https v5.0
    By Amin Kardan in forum Administrators
    Replies: 3
    Last Post: 08-29-2008, 09:52 AM
  2. HTTP redirect (no https)
    By stich86 in forum Installation
    Replies: 3
    Last Post: 03-11-2008, 03:16 PM
  3. [SOLVED] Redirect HTTP to HTTPS
    By atx4runner in forum Installation
    Replies: 2
    Last Post: 02-13-2008, 10:14 AM
  4. HTTP to redirect to HTTPS
    By djve in forum Installation
    Replies: 3
    Last Post: 05-30-2007, 07:28 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •