During security audit scans, it is sometimes seen that a Microsoft Internet Information Services (IIS) server is exposing the servers internal ip, when a speciel get request is sent to the server.
This can be due to misconfig, unpatched server or maybe something that is default.
It can be amended by running this on IIS servers from 2008 R2 and up:
appcmd.exe set config -section:system.webServer/serverRuntime /alternateHostName:”mail.domain.com” /commit:apphost
Reboot is not needed and now it will display “mail.domain.com” instead of it’s internal ip.