Solved

removing hte server signature in IIS 7.5

Posted on 2013-06-17
6
2,453 Views
Last Modified: 2013-06-19
How do I remove the Server Signature  "On, Microsoft-IIS/7.5 ASP.NET 4.0.30319" in IIS 7.5?

There's this SEO report that shows that our web server lists this info and I want to remove it.
0
Comment
Question by:afacts
  • 3
  • 3
6 Comments
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 39254986
0
 

Author Comment

by:afacts
ID: 39256957
Well, the first two scans don't really have any info on doing what I need to do.
The third link looks like it might, but I have to write code to just remove the server signature, is it not an option setting somewhere in IIS?
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 39258255
urlscan is run on the iis server
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:afacts
ID: 39259930
ve3ofa, I'm not sure what you mean by that.
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 39260217
You download and install the latest version of url scan
Once URLScan is installed, please open and modify the UrlScan.ini file in this location: %windir%\system32\inetsrv\urlscan\UrlScan.ini

Near the bottom of the UrlScan.ini file you’ll find a [DenyQueryStringSequences] section.  Add an additional “aspxerrorpath=” entry immediately below it and then save the file:

[DenyQueryStringSequences]
aspxerrorpath=

In addition, tilde characters can be added to [DenyUrlSequences] to deny it in the urls.

[DenyUrlSequences]
~

The above entry disallows URLs that have an “aspxerrorpath=” querystring attribute from making their way to ASP.NET applications, and will instead cause the web-server to return a HTTP error.  Adding this rule prevents attackers from distinguishing between the different types of errors occurring on a server – which helps block attacks using this vulnerability.

Lastly, set the AlternateServerName= variable to:

AlternateServerName=Apache

After saving this change, run “iisreset” from a command prompt (elevated as admin) for the above changes to take effect. Alternatively, reboot your server.

Note: For more information about URLScan please visit: http://www.iis.net/learn/extensions/working-with-urlscan
0
 

Author Closing Comment

by:afacts
ID: 39261024
THanks for your help, I had my web developer create the script and I think it's now working.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now