I want to avoid any possible leakage of the IP of a server as part of a response to a request with ModSecurity. And also a certain hostname of the VPS setup that might leak it (e.g. "vps-123-123-123-123.greatvpsprovider.example.com") - be it part of something Wordpress, any plugin or other CMS. It could happen in img tags, redirects, by a human editor or other situations.
The setup is an Apache on Debian Wheezy with default packages and the server is hidden behind a reverse proxy.
I took a look into the modsecurity_crs_50_outbound.conf but I'm confused how a minimal individual SecRule would have to look like.
Aucun commentaire:
Enregistrer un commentaire