Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 217
  • Last Modified:

How can I mask IIS7 server information without using ServerMask

I have a windows 2008 server running IIS7. I would like to mask the server information from hackers and I am familiair with a tool called ServerMask: http://www.port80software.com/products/servermask/

I would like to know if server masking can be achieved natively by just using IIS7.
0
mike99c
Asked:
mike99c
  • 2
1 Solution
 
Aaron TomoskySD-WAN SimplifiedCommented:
I use this in my default web.config
<system.webServer>
    <httpProtocol>
        <customHeaders>
            <remove name="X-Powered-By" />
        </customHeaders>
    </httpProtocol>
</system.webServer>
0
 
shalomcCTOCommented:
I can fully understand when someone does not want to install additional software on sensitive servers, because of regulations, security or compliance.

In those cases I use a reverse proxy in front of the web server. There are commercial solutions like aiscaler, and open source solutions like Varnish, and CDN services like Fastly or Akamai.
A CDN service like those mentioned has the additional benefit of accelerating your entire application, but it is relevant only if the web site is public.
0
 
mike99cAuthor Commented:
Thanks Aaron.

When I analyse my header information I also found the following which would give away the fact that I have a windows server:

Server      Microsoft-IIS/7.5      This web server is running Microsoft-IIS/7.5

Set-Cookie      ASPSESSIONIDQCRQBTQA=AKGLKIHACFFCKPBFFEBFLOOE; path=/      The web site is trying to set a cookie (per RFC2109), with the following information: ASPSESSIONIDQCRQBTQA=AKGLKIHACFFCKPBFFEBFLOOE; path=/

I tried modifying web.config as follows:

            <customHeaders>
                <remove name="X-Powered-By" />
                <remove name="Server" />
                <remove name="Set-Cookie" />
            </customHeaders>

Unfortunately it did not remove Server and Set-Cookie.
0
 
Aaron TomoskySD-WAN SimplifiedCommented:
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now