• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 395
  • Last Modified:

remove info from response headers


We have a citrix webpage on IIS that uses .net Framework 2.0.
we would like to remove the default response header info, when a user hits a 404 page.
Server Error in '/' Application.

The resource cannot be found. 
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly. 

Requested URL: /auth/dd.aspx

Version Information: Microsoft .NET Framework Version:2.0.50727.5472; ASP.NET Version:2.0.50727.5474 

Open in new window


Please help with any advice.

1 Solution
Bob LearnedCommented:
Are you talking about using a custom page for 404 errors?
btanExec ConsultantCommented:
Remove the error can be done via appcmd as describe below

Likewise, you can customise the return error as below

Overall, to prevent fingerprinting attempt, suggest you consider hardening your IIS server using the IISlockdown and URLscan tools. E.g. In your URLscan.ini file, prevent IIS from including the HTTP header that identifies your Web server as "IIS" by setting the parameter RemoveServerHeader to a value of one (1).

As in the URLScan FAQ, UrlScan 3.1 and UrlScan 3.0 are supported on IIS 5.1, IIS 6.0, and IIS 7.0 and above. Also good to note the below on the IIS 7 inherent filtering module support

Question: How is this version different from the request filtering module in IIS 7.0 and above?

Answer: The request filtering module that shipped with Windows Server 2008 RTM does not have the ability to filter based on query strings like UrlScan v3.1 does. Request Filtering module also does not allow you to specify rules that apply to multiple parts of an HTTP request in one entity. However all the changes in UrlScan v3.x will be incorporated into the request filtering module for an update release in the near future.
URLSCAN setup - http://www.iis.net/learn/extensions/working-with-urlscan/urlscan-setup
sblankenAuthor Commented:
we solved this internally, the links provided were sort of helpful.

thank you
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now