How to HIDE IIS ASP.Net and X-Powered-By ASP.NET

You might have seen the following information in the request header of your website. An attacker can use this information to carry out attacks on your website. You can easily avoid this.

The following will remove ASP.net version header

<system.web>
<httpRuntime enableVersionHeader=”false” />
</system.web>

 

The following will remove X-Powered-By and IIS version

<system.webServer>
<httpProtocol>
<customHeaders>
<remove name=”X-Powered-By” />
</customHeaders>
</httpProtocol>
<rewrite>
<outboundRules>
<rule name=”Remove RESPONSE_Server” >
<match serverVariable=”RESPONSE_Server” pattern=”.+” />
<action type=”Rewrite” value=”NA” />
</rule>
</outboundRules>
</rewrite>
</system.webServer>

Donate me $1 or above 🙂 https://www.paypal.me/ccsindia

Leave a Reply

Your email address will not be published. Required fields are marked *