Custom 401: Unauthorized page for Nagios

Posted: Mon Jul 18, 2016 11:09 am
by toolfan2k4
Hello Everyone,

I hired a "white-hat" hacker to test my install of Nagios. I have already set up HTTPS and disabled HTTP. Unfortunately, he was able to breach the network because he received the Nagios server's local IP address when he cancelled the login page for Nagios. The IP then came in handy for masquerading as our Nagios server.

In an effort to prevent this attack we want to change the error received when cancelling the authentication page. I need to make this not show the Nagios server's internal IP. My Nagios server is running on Ubuntu 14.04 since this is likely relevant.

I checked Apache under the assumption that this would be an HTML page pre-configured as part of it. If the page is there I could not locate it.

Re: Custom 401: Unauthorized page for Nagios

Posted: Mon Jul 18, 2016 11:19 am
by mcapra
Few ways to do this, but it all boils down to properly configuring your Apache server. The easiest way to fix this is through the following directives:

Code:

ServerSignature Off
ServerTokens Prod

Try adding those to your /etc/apache/apache2.conf file. Then restart the apache service:

Code:

service apache2 restart

It's worth mentioning these changes on their own don't 100% prevent someone from sniffing the IP address of a given server via Apache. It just solves the problem you mentioned in your post.
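
A way to confirm the change took effect, as an added example that is not part of the original thread: the Python function below checks a raw 401 response for a verbose Server header, the signature footer, and a private IP address. The two sample responses, the address 192.168.10.25 and the name audit_401 are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample responses (not captured from a real server): the 401 page
# returned when the Basic-auth prompt is cancelled, before and after setting
# "ServerSignature Off" and "ServerTokens Prod".
BEFORE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Server: Apache/2.4.7 (Ubuntu)\r\n"
    'WWW-Authenticate: Basic realm="Nagios Access"\r\n'
    "\r\n"
    "<html><body><h1>Unauthorized</h1>\n<hr>\n"
    "<address>Apache/2.4.7 (Ubuntu) Server at 192.168.10.25 Port 443</address>\n"
    "</body></html>"
)
AFTER = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Server: Apache\r\n"
    'WWW-Authenticate: Basic realm="Nagios Access"\r\n'
    "\r\n"
    "<html><body><h1>Unauthorized</h1>\n</body></html>"
)

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def audit_401(raw):
    """Return a sorted list of disclosure findings for one raw HTTP response."""
    head, _, body = raw.partition("\r\n\r\n")
    findings = set()
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        # With ServerTokens Prod the header is the bare product name only.
        if name.strip().lower() == "server" and re.search(r"[/(]", value):
            findings.add("verbose Server header: " + value.strip())
    # ServerSignature On appends an <address> footer to generated error pages.
    if re.search(r"<address>.*?</address>", body, re.I | re.S):
        findings.add("server signature footer present")
    for candidate in IPV4.findall(raw):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:
            continue  # four dotted numbers that are not a valid address
        if addr.is_private:
            findings.add("internal address disclosed: " + candidate)
    return sorted(findings)

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_401(sample))
```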

Re: Custom 401: Unauthorized page for Nagios

Posted: Mon Jul 18, 2016 1:51 pm
by toolfan2k4
That did the trick! :D

Thanks for the sniffing tip! I will look into that too!

Re: Custom 401: Unauthorized page for Nagios

Posted: Mon Jul 18, 2016 2:39 pm
by mcapra
Happy to help! Is it alright if we lock this thread and mark the issue as resolved?

Re: Custom 401: Unauthorized page for Nagios

Posted: Mon Jul 18, 2016 2:56 pm
by toolfan2k4
Yes please! Issue is resolved.