Hi I'm trying to prevent the internal IP address of our MOSS 2007 web front end from leaking. So far I've applied the fix (SetHostName) outlined here by Microsoft - http://support.microsoft.com/kb/834141 - but the internal IP address can still be seen. I'm using serversniff.net to view the website and the HTTP 1.0/empty host header request is the one that's revealing the internal IP address. This link offers further advice - http://blogs.msdn.com/asiatech/archive/2009/03/13/why-private-ip-address-is-still-leaked-on-iis-server-even-after-applying-fix-834141.aspx - but I'm not sure how this would apply to SharePoint. Any help appreciated.

I think you can try implementing SSL with your public facing SharePoint site. http://blog.mastykarz.nl/configuring-ssl-in-sharepoint-2007-development-environment/ BR, PM

Thanks for the reply. The application is behind an F5 that is offloading the SSL already so I don't think that's the problem. Also, forgot to mention - I've currently set it to use SetHostName and it's using the host header of the site as the host name.

Praise be this is now fixed. The issue was that the default website was also on and listening on 80 with no host headers - so any HTTP 1.0 host header-less requests destined for the website in question were being redirected to the default website. I turned the default website off as it wasn't being used and the ServerSniff HTTP-HeaderInfo request (HTTP 1.0 GET with empty host header) no longer reports the internal IP address. Interesting stuff!