Although there are numerous facets to web security, in this essay we’ll concentrate on just one. Attackers can benefit from any knowledge they have about a target online application. Attackers might therefore target their attack and try to exploit vulnerabilities in that specific software if your web application is sending out headers that indicate the underlying architecture of your web site.
In this instance, I am using IIS version 10.0, and we will be requesting the IIS default website.
Following Response HTTP Headers are often returned in response to a request to “localhost”
First, we need to get rid of the “Server” variable. This variable provides information about the application the origin server used to process the request.
There are two methods that I will use here.
Method #1
If you have IIS version 10.0 this is really simple.
1. Go at Site level and click “Configuration Editor”
2. Find “system.webServer/security/requestFiltering” and set the value of the following key to:
removeServerVariable: True
3. Please test it!
Method #2
The “Server” variable’s value can be changed to the empty string using the URL Rewrite Module.
This module can be set up using the Web Platform Installer.
1. Go to your IIS, click on your website, then click URL Rewrite module.
2. Then, you can find option View Server Variables, click it
3. Then, you can find Add button and please kindly add a server variable called “RESPONSE_SERVER”
4. Go back and click Add Rule(s)
5. Select “Outbound rules > Blank rule” and “OK”
6. Set this value below and then click Apply
Match Section
• Name: Remove Server Variable (or whatever you would like)
• Matching scope: Server Variable
• Variable name: RESPONSE_HEADER
• Variable value: Matches the Pattern
• Using: Regular Expressions
- Pattern: .*
Action Section
• Action type: Rewrite
• Value: (empty string)
- Make sure “Replace existing server variable value” is checked.
7. Please test it!
Conclusion
In above article, you have learned how to remove response headers in IIS. If you have other ways, please feel free to comment below. Happy coding!
Andriy Kravets is writer and experience .NET developer and like .NET for regular development. He likes to build cross-platform libraries/software with .NET.
