removing hte server signature in IIS 7.5

Posted on 2013-06-17
Medium Priority
Last Modified: 2013-06-19
How do I remove the Server Signature  "On, Microsoft-IIS/7.5 ASP.NET 4.0.30319" in IIS 7.5?

There's this SEO report that shows that our web server lists this info and I want to remove it.
Question by:afacts
  • 3
  • 3
LVL 85

Accepted Solution

David Johnson, CD, MVP earned 2000 total points
ID: 39254986

Author Comment

ID: 39256957
Well, the first two scans don't really have any info on doing what I need to do.
The third link looks like it might, but I have to write code to just remove the server signature, is it not an option setting somewhere in IIS?
LVL 85

Expert Comment

by:David Johnson, CD, MVP
ID: 39258255
urlscan is run on the iis server
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.


Author Comment

ID: 39259930
ve3ofa, I'm not sure what you mean by that.
LVL 85

Expert Comment

by:David Johnson, CD, MVP
ID: 39260217
You download and install the latest version of url scan
Once URLScan is installed, please open and modify the UrlScan.ini file in this location: %windir%\system32\inetsrv\urlscan\UrlScan.ini

Near the bottom of the UrlScan.ini file you’ll find a [DenyQueryStringSequences] section.  Add an additional “aspxerrorpath=” entry immediately below it and then save the file:


In addition, tilde characters can be added to [DenyUrlSequences] to deny it in the urls.


The above entry disallows URLs that have an “aspxerrorpath=” querystring attribute from making their way to ASP.NET applications, and will instead cause the web-server to return a HTTP error.  Adding this rule prevents attackers from distinguishing between the different types of errors occurring on a server – which helps block attacks using this vulnerability.

Lastly, set the AlternateServerName= variable to:


After saving this change, run “iisreset” from a command prompt (elevated as admin) for the above changes to take effect. Alternatively, reboot your server.

Note: For more information about URLScan please visit: http://www.iis.net/learn/extensions/working-with-urlscan

Author Closing Comment

ID: 39261024
THanks for your help, I had my web developer create the script and I think it's now working.

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

A procedure for exporting installed hotfix details of remote computers using powershell
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question