Remove Server from response header with an outboundRule URL Rewrite rule. This will work for IIS 7+ (IIS 7, 8.5, 8.0, 8.5):
<rewrite>
<outboundRules rewriteBeforeCache="true">
<rule name="Remove Server header">
<match serverVariable="RESPONSE_Server" pattern=".+" />
<action type="Rewrite" value="" />
</rule>
</outboundRules>
</rewrite>
In Microsoft-IIS/8.0, we can rewrite 'Server: Microsoft-IIS/8.0' with your own text:
<action type="Rewrite"
value="ABC custom text" />
To remove the server from response header in Microsoft-IIS 10.0, we can add this in web.config
<security>
<requestFiltering removeServerHeader ="true" />
</security>
Remove ASP.NET X-Powered-By from response header:
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
Remove X-AspNet-Version header from response header:
<httpRuntime enableVersionHeader="false" />
<rewrite>
<outboundRules rewriteBeforeCache="true">
<rule name="Remove Server header">
<match serverVariable="RESPONSE_Server" pattern=".+" />
<action type="Rewrite" value="" />
</rule>
</outboundRules>
</rewrite>
In Microsoft-IIS/8.0, we can rewrite 'Server: Microsoft-IIS/8.0' with your own text:
<action type="Rewrite"
value="ABC custom text" />
To remove the server from response header in Microsoft-IIS 10.0, we can add this in web.config
<security>
<requestFiltering removeServerHeader ="true" />
</security>
Remove ASP.NET X-Powered-By from response header:
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
Remove X-AspNet-Version header from response header:
<httpRuntime enableVersionHeader="false" />
No comments:
Post a Comment