Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

remove info from response headers

Posted on 2014-04-25
3
Medium Priority
?
372 Views
Last Modified: 2014-06-09
hi

We have a citrix webpage on IIS that uses .net Framework 2.0.
we would like to remove the default response header info, when a user hits a 404 page.
"
Server Error in '/' Application.
--------------------------------------------------------------------------------

The resource cannot be found. 
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly. 

Requested URL: /auth/dd.aspx


--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:2.0.50727.5472; ASP.NET Version:2.0.50727.5474 

Open in new window

"

Please help with any advice.

Thanks
Rezart
0
Comment
Question by:sblanken
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 96

Expert Comment

by:Bob Learned
ID: 40024471
Are you talking about using a custom page for 404 errors?
0
 
LVL 64

Accepted Solution

by:
btan earned 1000 total points
ID: 40024496
Remove the error can be done via appcmd as describe below
http://technet.microsoft.com/en-us/library/cc771015(v=ws.10).aspx

Likewise, you can customise the return error as below
http://technet.microsoft.com/en-us/library/cc753103(v=ws.10).aspx

Overall, to prevent fingerprinting attempt, suggest you consider hardening your IIS server using the IISlockdown and URLscan tools. E.g. In your URLscan.ini file, prevent IIS from including the HTTP header that identifies your Web server as "IIS" by setting the parameter RemoveServerHeader to a value of one (1).
http://www.iis.net/learn/extensions/working-with-urlscan/urlscan-3-reference

As in the URLScan FAQ, UrlScan 3.1 and UrlScan 3.0 are supported on IIS 5.1, IIS 6.0, and IIS 7.0 and above. Also good to note the below on the IIS 7 inherent filtering module support
http://www.iis.net/learn/extensions/working-with-urlscan/urlscan-faq

Question: How is this version different from the request filtering module in IIS 7.0 and above?

Answer: The request filtering module that shipped with Windows Server 2008 RTM does not have the ability to filter based on query strings like UrlScan v3.1 does. Request Filtering module also does not allow you to specify rules that apply to multiple parts of an HTTP request in one entity. However all the changes in UrlScan v3.x will be incorporated into the request filtering module for an update release in the near future.
URLSCAN setup - http://www.iis.net/learn/extensions/working-with-urlscan/urlscan-setup
0
 

Author Closing Comment

by:sblanken
ID: 40123439
we solved this internally, the links provided were sort of helpful.

thank you
Rezart
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What is Node.js? Node.js is a server side scripting language much like PHP or ASP but is used to implement the complete package of HTTP webserver and application framework. The difference is that Node.js’s execution engine is asynchronous and event…
Online collaboration is quickly becoming embedded in the workplace, and its benefits are tangible. See what the current landscape looks like and what the future holds for collaboration tools and the future of work.
This video teaches users how to migrate an existing Wordpress website to a new domain.
Wufoo.com provides powerful tools for surveying targeted groups, and utilizing data from completed surveys to find trends, discover areas of demand or customer expectation, and make business decisions on products or services.

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question