While going through PCI compliance it appears that CGI.SERVER_NAME can leak the internal private IP address.
Does CGI.SERVER_NAME default to the internal IP setup in IIS? I have a re-direct in Application.cfm that if the user is on HTTPS to cflocation them to http://#CGI.SERVER_NAME#/ and this leaks the private IP 10.1.0.0 when using CURL curl -0 -k --head -v -H "Host: "https://1.1.1.1 Could this be DNS setup? Thanks, Chad ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:334099 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm