An internal IP address is shown in HTTP Via header when opening the link of provider or reseller brand
The IP address or internal hostname obtained from the header allows an attacker to obtain technical information, which could be potentially used as a platform for further attacks.
Such behavior will be fixed in future in scope of the request APS-35995: Consider removal of "Via" Header in APS response, as it's claimed as insecure.
Please contact your TAM or PTA to trace the status of APS-35995. For now the following workaround can be used to prevent the issue:
# httpd -M | grep headers_module
If not - include it into
/etc/httpd/conf/httpd.conf(in case of NG hosting) or in
/usr/local/pem/etc/apache/httpd.conf_pem(in case of Legacy Shared Hosting):
LoadModule headers_module modules/mod_headers.so
Disable header in
<IfModule mod_headers.c> Header unset Via </IfModule>
restart httpd service to apply changes:
a. in case of NG hosting:
# service httpd restart
b. in case of Legacy Shared Hosting:
# service pemhttpd restart