# Web Server HTTP Header Internal IP Disclosure

To test this vulnerability, it is basically the same procedure as the previous one; But, this time we are sending our GET request to the root of the webserver instead of autodiscover.xml.

Connect to your exchange server using OpenSSL as below.

```
openssl s_client -host host.domain.com -port 443
```

Once the above OpenSSL command asks for input, paste and execute the following in the same terminal. (GET request to the root page of the webserver.)

```
GET / HTTP/1.0
```

Notice the response kindly lets you know the Internal IP in the Location: header.

<figure><img src="https://securitytutorials.co.uk/ezoimgfmt/i0.wp.com/securitytutorials.co.uk/wp-content/uploads/2019/11/locationHeader-1.png?resize=480%2C228&#x26;ssl=1&#x26;ezimgfmt=rs:480x228/rscb1/ng:webp/ngcb1" alt="302 Redirection causing Internal IP disclosure" height="228" width="480"><figcaption></figcaption></figure>