Tuesday, March 19, 2024

Exchange Windows OS Hardening: Disable the “X-AspNet-Version” header

Abstract: By default, an IIS server (version 8.5 on Windows 2012 R2) running Microsoft Exchange components advertises “X-AspNet-Version: 2.0.50727” in its HTTP responses. A “hacker” could use this to find possibly vulnerable servers, so it might be a good idea to hide that information.

This HTTP header can be seen with Fiddler.

To stop the X-AspNet-Version header from being added to HTTP responses, follow these steps:

1.) Open the IIS Manager (on the affected Windows 2012 R2 OS)

2.) Select the server

3.) Open the “Configuration Editor”

4.) Change to “system.web/httpRuntime”

5.) Change “enableVersionHeader” from “True” to “False”

6.) Save the configuration

You do not need to restart the Windows OS for this. Once saved it will be active!
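
The same change scripted with the WebAdministration PowerShell module, followed by a check that the header is really gone. This is an added example, not part of the original article; the `-Url` probe parameter and the `MACHINE/WEBROOT` configuration path (the root web.config) are assumptions.

```powershell
#Requires -RunAsAdministrator
param(
    # Assumption: an ASP.NET URL served by this machine, probed after the change.
    [Parameter(Mandatory = $true)][string]$Url
)

Import-Module WebAdministration

# Same section and attribute as steps 4 and 5 above.
# Assumption: the server-level value is stored in the root web.config.
$setting = @{
    PSPath = 'MACHINE/WEBROOT'
    Filter = 'system.web/httpRuntime'
    Name   = 'enableVersionHeader'
}

$current = (Get-WebConfigurationProperty @setting).Value
Write-Output "enableVersionHeader before: $current"

if ($current) {
    Set-WebConfigurationProperty @setting -Value $false
    Write-Output 'enableVersionHeader set to False'
}

# Verify from the wire instead of trusting the saved value.
$request = [System.Net.WebRequest]::Create($Url)
$request.AllowAutoRedirect = $false
try {
    $response = $request.GetResponse()
} catch {
    # 401/403/404 responses still carry headers; connection failures do not.
    $response = $_.Exception.GetBaseException().Response
    if (-not $response) { throw }
}

$leaked = $response.Headers['X-AspNet-Version']
$response.Close()

if ($leaked) {
    # A web.config below the server level can set the attribute again.
    Write-Warning "Still advertised: X-AspNet-Version: $leaked"
} else {
    Write-Output 'X-AspNet-Version is not present in the response'
}
```

If the warning still appears, look for an `httpRuntime` element in the web.config of the site or application that answered the request.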
