Tuesday 25 February 2014

How to disable asp.net version and server information on HTTP Headers

By Unknown 6:06:00 pm Leave a Comment

Scenario:

We identified that the target web server is disclosing the ASP.NET version in its HTTP response. This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of ASP.NET.

Impact:

An attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.

Solution

Disable the asp.net version and server information on http headers.
Open the web.config file and add this code in the web.config file :

<system.webServer>

    <httpProtocol>

        <customHeaders>

            <remove name="Server" />

            <remove name="X-AspNet-Version" /> 

            <remove name="X-AspNetMvc-Version" />

            <remove name="X-Powered-By" />                        

        </customHeaders>        

    </httpProtocol>

  </system.webServer>

You also need to remove the X-Powered-By headers on the IIS configuration.
  1. Open your IIS
  2. Open Http Response Headers
  3. Remove the X-Powered-By value.

By
NOTE : – If You have Found this post Helpful, I will appreciate if you can Share it on Facebook, Twitter and Other Social Media Sites. Thanks =)

0 comments:

Post a Comment

Subscribe to our newsletter to get the latest updates to your inbox.

Your email address is safe with us!




Founder of developersnote.com, love programming and help others people. Work as Software Developer. Graduated from UiTM and continue study in Software Engineering at UTMSpace. Follow him on Twitter , or Facebook or .



Powered by Blogger.