I have configured HAProxy behind the AWS PUBLIC FACING ELB. While doing network scan its showing internal IP disclosure vulnerability. This internal IP is of ELB and not the HA proxy server.
It is showing vulnerability on port 80. Following are the steps for reproduce. Can some one help me to fix this? nmap --script http-internal-ip-disclosure viacom-214916319.ap-south-1.elb.amazonaws.com -p 80 Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-09 12:04 IST Nmap scan report for viacom-214916319.ap-south-1.elb.amazonaws.com (13.127.74.135) Host is up (0.058s latency). Other addresses for viacom-214916319.ap-south-1.elb.amazonaws.com (not scanned): 35.154.51.11 rDNS record for 13.127.74.135: ec2-13-127-74-135.ap-south-1.compute.amazonaws.com PORT STATE SERVICE 80/tcp open http | http-internal-ip-disclosure: |_ Internal IP Leaked: 10.100.2.244 -- Thanks & Regards Dhaval Jaiswal