When a security scanner queries the AppInternals box on the HTTPS port, using an HTTP query, the web service returns an HTTP 200 message rather than the expected HTTP 404 error.
When a security scanner queries the AppInternals box on the HTTPS port, using an HTTP query, the web service returns an HTTP 200 message rather than the expected HTTP 404 error.
This is true on AppInternals prior to v9.0.x release.
As of AppInternals v9.0.0, all communications is via SSL. Therefore you can expect the following results when accessing the AppInternals webservice: