Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

removing hte server signature in IIS 7.5

Posted on 2013-06-17
6
2,564 Views
Last Modified: 2013-06-19
How do I remove the Server Signature  "On, Microsoft-IIS/7.5 ASP.NET 4.0.30319" in IIS 7.5?

There's this SEO report that shows that our web server lists this info and I want to remove it.
0
Comment
Question by:afacts
  • 3
  • 3
6 Comments
 
LVL 80

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 39254986
0
 

Author Comment

by:afacts
ID: 39256957
Well, the first two scans don't really have any info on doing what I need to do.
The third link looks like it might, but I have to write code to just remove the server signature, is it not an option setting somewhere in IIS?
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 39258255
urlscan is run on the iis server
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 

Author Comment

by:afacts
ID: 39259930
ve3ofa, I'm not sure what you mean by that.
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 39260217
You download and install the latest version of url scan
Once URLScan is installed, please open and modify the UrlScan.ini file in this location: %windir%\system32\inetsrv\urlscan\UrlScan.ini

Near the bottom of the UrlScan.ini file you’ll find a [DenyQueryStringSequences] section.  Add an additional “aspxerrorpath=” entry immediately below it and then save the file:

[DenyQueryStringSequences]
aspxerrorpath=

In addition, tilde characters can be added to [DenyUrlSequences] to deny it in the urls.

[DenyUrlSequences]
~

The above entry disallows URLs that have an “aspxerrorpath=” querystring attribute from making their way to ASP.NET applications, and will instead cause the web-server to return a HTTP error.  Adding this rule prevents attackers from distinguishing between the different types of errors occurring on a server – which helps block attacks using this vulnerability.

Lastly, set the AlternateServerName= variable to:

AlternateServerName=Apache

After saving this change, run “iisreset” from a command prompt (elevated as admin) for the above changes to take effect. Alternatively, reboot your server.

Note: For more information about URLScan please visit: http://www.iis.net/learn/extensions/working-with-urlscan
0
 

Author Closing Comment

by:afacts
ID: 39261024
THanks for your help, I had my web developer create the script and I think it's now working.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
File upload fails with SSL Certificate 3 22
Finding the IIS version 5 21
Reverse DND setup 6 37
Modify Permissions in Windows Folders. 15 30
A procedure for exporting installed hotfix details of remote computers using powershell
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question