How to change the Content-Location header so that it does not disclose the internal IP address?
In IIS7, the 'Content-Location' or 'Location' HTTP header
discloses the internal IP of the host. Attackers can use this internal
IP address information to conduct a more focused attack, such as social
engineering, and to determine the internal network architecture.
Setting the hostname in Internet Information Services (IIS) 7.0
To eliminate the disclosure of the internal IP address, we need to set the "alternateHostName" property to a different value.
We can use this property to set whatever hostname we wish, be it the machine's FQDN or otherwise.
On the IIS host:
1. From a command prompt, cd to C:\windows\system32\inetsrv
2. Run a backup of IIS by running the following command:
appcmd.exe add backup "Backup_100_1557"
Once the backup is complete (check that it exists by running appcmd.exe list backup), proceed to step 3.
3. Type the command below on one line:
appcmd.exe set config -section:system.webServer/serverRuntime /alternateHostName:"WEB_Server" /commit:apphost
Output:
Applied configuration changes to section "system.webServer/serverRuntime" for "MACHINE/WEBROOT/APPHOST" at configuration commit path "MACHINE/WEBROOT/APPHOST"
This will replace the IP address with the value "WEB_Server".
It is recommended to apply the latest hotfix from Microsoft before implementing this fix.
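To confirm the change took effect, the added example below (not part of the original post) audits a saved HTTP response for the two headers named above and reports any that still carry an internal IP literal. The function name and the sample responses are constructed for illustration; "WEB_Server" is the value set in step 3.

```python
import ipaddress
from urllib.parse import urlsplit

# The two response headers this page names as disclosing the address.
AUDITED = ("content-location", "location")

def internal_ip_leaks(raw_response):
    """Return [(header, ip)] for audited headers whose URL host is an
    internal (non-public) IP literal."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    leaks = []
    for line in head.split("\n")[1:]:  # [1:] skips the status line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() not in AUDITED:
            continue
        try:
            host = urlsplit(value.strip()).hostname
            ip = ipaddress.ip_address(host or "")
        except ValueError:
            # Relative URL, malformed URL, or a name such as the
            # alternateHostName value: no IP literal is exposed.
            continue
        # is_private covers RFC 1918 and other non-public ranges.
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            leaks.append((name.strip(), str(ip)))
    return leaks

# Constructed sample responses (not captured from a real server).
BEFORE = ("HTTP/1.1 200 OK\r\n"
          "Content-Location: http://10.1.2.3/Default.htm\r\n"
          "Server: Microsoft-IIS/7.0\r\n\r\n")
AFTER = BEFORE.replace("10.1.2.3", "WEB_Server")
REDIRECT = ("HTTP/1.1 302 Found\r\n"
            "Location: http://192.168.10.20/app/\r\n\r\n")
IPV6 = "HTTP/1.1 302 Found\r\nLocation: http://[fd00::5]/app/\r\n\r\n"

if __name__ == "__main__":
    for label, resp in (("before", BEFORE), ("after", AFTER),
                        ("redirect", REDIRECT), ("ipv6", IPV6)):
        print(label, internal_ip_leaks(resp) or "no internal IP disclosed")
```
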