Change the default banner for your HTTP server

Source: Internet
Author: User

(The following method applies only to ASP.NET sites on IIS.)

A server scan reported several vulnerabilities, one of which is:

Remote WWW Service information can be obtained via HTTP [microsoft-iis/8.5]

Vulnerability description: This plugin detects remote HTTP server information. This may allow an attacker to identify the remote system type in preparation for a further attack.

Solution: NSFocus recommends that you take the following measures to mitigate the threat

Opening the web page and inspecting the response, we found that the response headers clearly reveal our server and platform information. This is a security risk, so they must be hidden.

Workaround:

Create a new class library project named CustomHttpModules and add a custom HttpModule:

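    using System.Web;

    namespace CustomHttpModules
    {
        public class HeaderFilterHttpModule : IHttpModule
        {
            public void Init(HttpApplication context)
            {
                // Runs just before the response headers are sent to the client.
                context.PreSendRequestHeaders += OnPreSendRequestHeaders;
            }

            public void Dispose() { }

            void OnPreSendRequestHeaders(object sender, System.EventArgs e)
            {
                // Response.Headers can only be modified in IIS integrated pipeline mode.
                HttpContext.Current.Response.Headers.Remove("Server");
                HttpContext.Current.Response.Headers.Remove("X-AspNet-Version");
                HttpContext.Current.Response.Headers.Remove("X-AspNetMvc-Version");
                // Note: X-Frame-Options is a clickjacking defence rather than a banner;
                // removing it lets other sites frame these pages unless a framing
                // policy is set elsewhere.
                HttpContext.Current.Response.Headers.Remove("X-Frame-Options");
            }
        }
    }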

After compiling, copy the DLL to the web site's bin directory and modify Web.config:

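    <system.webServer>
      <modules>
        <!-- type = "Namespace.Class, AssemblyName" of the module compiled above -->
        <add name="HeaderFilterModule" type="CustomHttpModules.HeaderFilterHttpModule,CustomHttpModules" />
      </modules>
      <httpProtocol>
        <customHeaders>
          <!-- X-Powered-By is added by IIS itself, so it is removed here rather than in the module -->
          <remove name="X-Powered-By" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>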

Run the site again and inspect the response: the headers are all gone. Done!

This method is the safest and most convenient: you only need to copy a DLL and modify one configuration file. You do not need to change any IIS settings (for example, on a virtual host), and you do not need to modify and recompile the site code.
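
To confirm the result without rerunning the scanner, the check below audits a response for the banner headers removed above. It is an added example, not part of the original article; the function names and both sample responses are constructed for illustration. It also reports when X-Frame-Options is absent, since the module strips that header as well.

```python
"""Added example: audit HTTP response headers for the banners this page removes."""
import http.client

# Headers the page's module and Web.config strip (compared case-insensitively).
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")
# The module strips this one too, but it is a clickjacking defence, not a banner.
PROTECTIVE_HEADERS = ("x-frame-options",)


def parse_headers(raw):
    """Parse a raw HTTP/1.x response head into {lower-case name: [values]}."""
    lines = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    headers = {}
    for line in lines[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def audit(headers):
    """Return (leaked, missing): banners still present, protective headers absent."""
    leaked = {h: headers[h] for h in BANNER_HEADERS if h in headers}
    missing = [h for h in PROTECTIVE_HEADERS if h not in headers]
    return leaked, missing


def fetch_head(host, path="/", tls=True):
    """Fetch live headers from your own site with a HEAD request."""
    conn_cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
    conn = conn_cls(host, timeout=10)
    try:
        conn.request("HEAD", path)
        headers = {}
        for name, value in conn.getresponse().getheaders():
            headers.setdefault(name.lower(), []).append(value)
        return headers
    finally:
        conn.close()


# Constructed sample responses: before and after deploying the module.
BEFORE = ("HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/8.5\r\nX-AspNet-Version: 4.0.30319\r\n"
          "X-AspNetMvc-Version: 5.2\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n")
AFTER = "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(parse_headers(raw)))
```

For a live check, pass the result of fetch_head() for your own host to audit(). Check several paths, because responses generated outside the ASP.NET pipeline (for example by HTTP.sys) do not pass through the module.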
