IIS server version hiding

Hi,
I have a web application published by using IIS on a web server.
This application can be accessed with a user and password.
Can someone who doesn't have password see IIS version which this applicaiton running on?
And how do I hide this version information?
Thank you
certuranAsked:
Who is Participating?
 
GaryConnect With a Mentor Commented:
Yes they can but you can override it.
Download http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=5728
Open up %WinDir%\System32\inetsrv\urlscan\UrlScan.ini
Search for RemoveServerHeader and set the value to 1 or look for AlternateServerName and set it to whatever you want it to say instead of IIS...

And for other headers
http://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html
0
 
certuranAuthor Commented:
I could hide IIS version with this suggestion. Thank you very much.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.