I have a .Net application which uses spring.net remoting to expose remoting services, over IIS 7.5.for security reasons, I want to remove some information like "Server: IIS/7.5" from HTTP response header. I removed other tags like X-Powered-By easily, but, for the Server tag, I tried all the offered solutions on the internet and none of them worked. I tried setting the DisableServerHeader registry key or installing URLrewrite tools and changing my web.config and adding outboundRule or any other coding solution like adding a custom HTTP module or handling preRequestHandling of http context in my global.asax file. but none of them worked for me. basically ,is it possible to remove this value, Server , from the response header, given that I'm using .net 3.5 and .net remoting over IIS 7.5? I should mention that, this tag's value will become empty if I browse any pages that I've put into the host directory , but for my .Net remoting requests it's not working and the value of the server tag in response http header is still IIS/7.5
Asked
Active
Viewed 149 times
0
-
after updating the registry key make sure you restart the machine. – Jalpa Panchal Aug 06 '20 at 02:44
-
I restarted w3svc by net stop/start w3svc command and also restarted iis by iisreset command, isn't it enough? – Fahimeh Rahmatipoor Aug 06 '20 at 13:28
1 Answers
0
Unfortunately, you can not really remove the Server header. But you can rewrite its content and empty it. On IIS 7+ (IIS 7, 8.5, 8.0, 8.5, IIS 10.0), use a rewrite outbound rule to remove the webserver version information from the Server: header response.
You can use the following URL Rewrite Outbound rule:
<rewrite>
<outboundRules rewriteBeforeCache="true">
<rule name="Remove Server header">
<match serverVariable="RESPONSE_Server" pattern=".+" />
<action type="Rewrite" value="" />
</rule>
</outboundRules>
</rewrite>
Jalpa Panchal
- 8,251
- 1
- 11
- 26
-
Thank your Jalpa I exactly followed these steps and for the last solution I also added the outbound rule after installing urlrewrite but unfortunately none of these solutions worked for me, I also restarted the IIS and w3svc services. But the value of server tag didn't change at all. maybe this is because of utilizing . Net remoting as my communication technology . – Fahimeh Rahmatipoor Aug 06 '20 at 13:25
-
I should mention that, this tag's value will become empty if I browse any pages that I've put into the host directory , but for my remoting request it's not working and the value is still IIS/7.5. – Fahimeh Rahmatipoor Aug 06 '20 at 19:37
-
@FahimehRahmatipoor could you please share which os version you are using? did you host the site in iis? you could try to run the failed request tracing in iis to check why the rule is not working. https://learn.microsoft.com/en-us/iis/extensions/url-rewrite-module/using-failed-request-tracing-to-trace-rewrite-rules#:~:text=Configure%20Failed%20Request%20Tracing,-Now%20enable%20failed&text=After%20you%20enable%20failed%20request,the%20list%20of%20FRT%20rules. – Jalpa Panchal Aug 07 '20 at 08:21
-
I'm using win server 2008 and IIS 7.5. As I said before I can see that the rule works for requested web pages, so while I'm browsing html files there's no value for server tag in response header. But in the same host application which also hosts my .Net remoting services, the responses for remoting requests contains server tag with filled value. Seems that this rule doesn't work for .Net remoting responses. – Fahimeh Rahmatipoor Aug 07 '20 at 09:51
-
@FahimehRahmatipoor you could try to use the url scan tool https://techcommunity.microsoft.com/t5/iis-support-blog/remove-unwanted-http-response-headers/ba-p/369710 – Jalpa Panchal Aug 13 '20 at 09:18