Abstract: By default, an IIS server (version 8.5 on Windows 2012 R2) running components from Microsoft Exchange advertises "X-AspNet-Version: 2.0.50727" in the HTTP server response. A "hacker" could use this to find potentially vulnerable servers, so it might be a good idea to hide that information.

Such an HTTP header can be seen with Fiddler.

To stop the X-AspNet-Version header from being added to the HTTP response, follow these steps:

1.) Open the IIS Manager (on the affected Windows 2012 R2 OS)

2.) Select the server

3.) Open the "Configuration Editor"

4.) Change to "system.web/httpRuntime"

5.) Change "enableVersionHeader" from "True" to "False"

6.) Save the configuration

You do not need to restart the Windows OS for this. Once saved it will be active!
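
The same change can be scripted and then checked from the client side. The PowerShell below is an added example, not part of the original post; it assumes the WebAdministration module is installed, that the `MACHINE/WEBROOT` scope corresponds to selecting the server node in IIS Manager, and it uses a placeholder URL that must point at an ASP.NET-handled page on the server.

```powershell
# Added example: scripted form of the Configuration Editor steps, plus a header check.
Import-Module WebAdministration

# Assumption: MACHINE/WEBROOT (root web.config) matches the server node in IIS Manager.
$scope  = 'MACHINE/WEBROOT'
$filter = 'system.web/httpRuntime'
$name   = 'enableVersionHeader'

# Read the current value before changing anything.
$current = (Get-WebConfigurationProperty -PSPath $scope -Filter $filter -Name $name).Value
Write-Output "enableVersionHeader is currently: $current"

if ($current) {
    Set-WebConfigurationProperty -PSPath $scope -Filter $filter -Name $name -Value 'False'
    Write-Output 'enableVersionHeader set to False'
}

# Placeholder URL (constructed for this example); replace with a page served by ASP.NET.
$url = 'https://mail.example.test/owa/'

try {
    $headers = (Invoke-WebRequest -Uri $url -UseBasicParsing -ErrorAction Stop).Headers
} catch {
    # Error status codes (401, 403, ...) throw, but the response headers are still available.
    if (-not $_.Exception.Response) { throw }
    $headers = $_.Exception.Response.Headers
}

# Report whether the version header is still being sent.
$version = $headers['X-AspNet-Version']
if ($version) {
    Write-Warning "X-AspNet-Version still advertised: $version"
} else {
    Write-Output 'X-AspNet-Version header not present'
}
```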

 
