how to remove server info via <customHeaders> in web.config
Question
I have removed the x-powered-by using <httpProtocol>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
<remove name="Server" />
</customHeaders>
</httpProtocol>
This hides the X-Powered-By but the server (IIS info ) is still not getting removed
It would be good if there is a way where I can remove all the info in the Response Header
How can i do it?
1 answers
solution1
1 2013-11-15 12:30:49
I believe you need UrlScan to remove the IIS info.
The particular setting you need to configure is: RemoveServerHeader
By default, a Web server returns a header that identifies what Web server software it is running in all responses. This can increase the server vulnerability because an attacker can determine that a server is running IIS and then attack known IIS problems, instead of trying to attack an IIS server by using exploits that are designed for other Web servers. By default, this option is set to 0. If you set the RemoveServerHeader option to 1, you prevent your server from sending the header that identifies it as an IIS server. If you set RemoveServerHeader to 0, this header is still sent.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.