Remove IIS Server header when using Custom Error Pages
Question
Ok...I needed to remove the 'Microsoft:IIS8.5' Server header from my production server and I have done that using URLReWrite module. Here's my rule:
<outboundRules>
<rule name="replace server name header" patternSyntax="Wildcard">
<match serverVariable="RESPONSE_Server" pattern="*" />
<action type="Rewrite" value="MyServer" />
</rule>
</outboundRules>
This works great on all regular pages. The problem is that I have custom error pages so that when I hit an error, it executes my custom error (using MVC) and it looks great.
But, when it returns this custom error page, the Server variable is back to 'Microsoft:IIS 8.5'
Not sure why this would do this since the UrlReWrite is supposed to replace the variable on ALL responses.
Any ideas why this would happen?
1 answers
solution1
3 2016-01-04 15:53:47
Ok, so after a good number of hours, I couldn't figure out why when I execute a custom error page, IIS bypasses by rewrite rule for the Server Header.
I was able to change the IIS Error Page settings to Redirect to my Custom Error page, instead of Executing the custom error page.
What's crazy is that the initial response from the invalid page, which has a return code of 302, has the rewritten Server Header, along with the Custom Error page that it redirects to.
Figured I'd post the answer in case anyone else hits this same issue. It's obscure, but when going through a security scan, it can be found.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.