(The following method applies only to ASP.NET on IIS.)
A server scan reported several vulnerabilities, one of which is:
Remote WWW Service information can be obtained via HTTP [microsoft-iis/8.5]
Vulnerability description: This plugin detects remote HTTP server information. This may allow an attacker to learn the remote system type in preparation for the next attack.
Solution: NSFocus recommends that you take the following measures to mitigate the threat.
Opening a page of the site and inspecting the response, we found that the headers clearly reveal our server and platform information. This is a security risk, so they must be hidden.
Workaround:
Create a new class library project named CustomHttpModules and add a custom HttpModule:
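    using System;
    using System.Web;

    namespace CustomHttpModules
    {
        public class HeaderFilterHttpModule : IHttpModule
        {
            public void Init(HttpApplication context)
            {
                // Run just before the response headers are sent to the client.
                context.PreSendRequestHeaders += OnPreSendRequestHeaders;
            }

            public void Dispose() { }

            void OnPreSendRequestHeaders(object sender, EventArgs e)
            {
                // Response.Headers can only be modified in the IIS integrated pipeline.
                HttpContext.Current.Response.Headers.Remove("Server");
                HttpContext.Current.Response.Headers.Remove("X-AspNet-Version");
                HttpContext.Current.Response.Headers.Remove("X-AspNetMvc-Version");
                // X-Frame-Options is an anti-framing (clickjacking) control, not a banner;
                // drop this line if the site sets that header on purpose.
                HttpContext.Current.Response.Headers.Remove("X-Frame-Options");
            }
        }
    }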
After compiling, copy the DLL to the website's bin directory and modify Web.config:
    <system.webServer>
      <modules>
        <add name="HeaderFilterModule" type="CustomHttpModules.HeaderFilterHttpModule,CustomHttpModules" />
      </modules>
      <httpProtocol>
        <customHeaders>
          <remove name="X-Powered-By" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
Run the site again and inspect the response: the headers are all gone. Done!
This method is the safest and most convenient. You only need to copy a DLL and modify one configuration file; you do not need to change IIS settings (for example on a virtual host), and you do not need to modify or recompile the site code.
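The "run the site again and check the headers" step can be scripted. The following is an added example, not code from the original page: it audits a raw HTTP response head for the banner headers that the module and Web.config remove, and notes when X-Frame-Options is missing. The function names and both sample responses are constructed for illustration.

```python
# Headers the page's module and Web.config strip because they name the platform.
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")

def parse_headers(raw_head):
    """Parse a raw response head into {lowercased-name: [values]}."""
    headers = {}
    for line in raw_head.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        if not line:                      # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:                           # ignore malformed lines without a colon
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw_head):
    """Return (leaked, notes): banner headers still present, plus a note
    when X-Frame-Options is absent."""
    headers = parse_headers(raw_head)
    leaked = {n: headers[n] for n in BANNER_HEADERS if n in headers}
    notes = []
    if "x-frame-options" not in headers:
        notes.append("X-Frame-Options absent: the module also strips "
                     "this anti-framing header")
    return leaked, notes

# Constructed sample: a default-looking IIS 8.5 / ASP.NET response head.
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Server: Microsoft-IIS/8.5\r\n"
    "X-AspNetMvc-Version: 5.2\r\n"
    "X-AspNet-Version: 4.0.30319\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "\r\n"
)
# Constructed sample: the same response after the module and Web.config change.
AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, head in (("before", BEFORE), ("after", AFTER)):
        leaked, notes = audit(head)
        print(label, "leaked:", leaked, "notes:", notes)
```

To check a live site, save the response head of your own server to a file and pass its contents to audit().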
Change the default banner for your HTTP server