Remove Header Information Disclosure in IIS

1. Install URL Rewrite. To install it, go to the following link (http://www.iis.net/downloads/microsoft/url-rewrite).

2. Open the site on which you would like to remove the Server header and click on the URL Rewrite section.

3. Click “View Server Variables” in the Actions pane on the right-hand side.

4. Click on the Add button and then enter “RESPONSE_SERVER” in the textbox provided.

5. Now we need to create an outbound rule. To learn how to create one, see the following link (http://www.iis.net/learn/extensions/url-rewrite-module/creating-outbound-rules-for-url-rewrite-module).

6. Create an Outbound rule as the following.

[Screenshot: outbound rule settings]

Please note that this is a website-specific rule. If you want to create the rule for all of your applications, create the rule at the server level. Also, some applications, especially third-party applications, may require the Server header, so you may need to remove this rule for those applications.

X-Powered-By

Using a URL Rewrite rule.

Please note that this will not remove the header altogether; it only removes its value.

1. Install URL Rewrite. To install it, go to the following link (http://www.iis.net/downloads/microsoft/url-rewrite).

2. Open the site on which you would like to remove the X-Powered-By header and click on the URL Rewrite section.

3. Click “View Server Variables” in the Actions pane on the right-hand side.

4. Click on the Add button and then enter “RESPONSE_X-POWERED-BY” in the textbox provided.

5. Now we need to create an outbound rule. To learn how to create one, see the following link (http://www.iis.net/learn/extensions/url-rewrite-module/creating-outbound-rules-for-url-rewrite-modul…).

6. Create an Outbound rule as the following.

[Screenshot: outbound rule settings]

Please note that this is a website-specific rule. If you want to create the rule for all of your applications, create the rule at the server level. Also, some applications, especially third-party applications, may require the X-Powered-By header, so you may need to remove this rule for those applications.

X-AspNet-Version

Please note that this will not remove the header altogether; it only removes its value.

1. Install URL Rewrite. To install it, go to the following link (http://www.iis.net/downloads/microsoft/url-rewrite).

2. Open the site on which you would like to remove the X-AspNet-Version header and click on the URL Rewrite section.

3. Click “View Server Variables” in the Actions pane on the right-hand side.

4. Click on the Add button and then enter “RESPONSE_X-ASPNET-VERSION” in the textbox provided.

5. Now we need to create an outbound rule. To learn how to create one, see the following link (http://www.iis.net/learn/extensions/url-rewrite-module/creating-outbound-rules-for-url-rewrite-modul…).

6. Create an Outbound rule as the following.

[Screenshot: outbound rule settings]

Please note that this is a website-specific rule. If you want to create the rule for all of your applications, create the rule at the server level. Also, some applications, especially third-party applications, may require the X-AspNet-Version header, so you may need to remove this rule for those applications.
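
The outbound rules from step 6 of the three sections above, written as a site-level web.config fragment. This is an added example, not the original post's configuration: the rule names and the `.+` match pattern are assumptions, while the server variable names are the ones entered in step 4 of each section.

```xml
<!-- Added example (not from the original post): site-level web.config. -->
<!-- Rule names and the ".+" pattern are assumptions; the serverVariable -->
<!-- values are the names entered in step 4 of each section. -->
<configuration>
  <system.webServer>
    <rewrite>
      <outboundRules>
        <!-- Match any non-empty Server value and rewrite it to "" -->
        <rule name="Blank Server header">
          <match serverVariable="RESPONSE_SERVER" pattern=".+" />
          <action type="Rewrite" value="" />
        </rule>
        <!-- Same treatment for X-Powered-By -->
        <rule name="Blank X-Powered-By header">
          <match serverVariable="RESPONSE_X-POWERED-BY" pattern=".+" />
          <action type="Rewrite" value="" />
        </rule>
        <!-- Same treatment for X-AspNet-Version -->
        <rule name="Blank X-AspNet-Version header">
          <match serverVariable="RESPONSE_X-ASPNET-VERSION" pattern=".+" />
          <action type="Rewrite" value="" />
        </rule>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>
```

Each rule rewrites the header value to an empty string, so the header name can still appear in responses with no value. If a third-party application on the site needs one of these headers, delete only the matching `<rule>` element.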


