Removing IIS 5 / 6 / 7 Server Header from SharePoint Installations

Here is a guide to removing the IIS server header Server: Microsoft-IIS/6.0 to stop a browser detecting which web server SharePoint is running on. This can be particularly useful if you are externally publishing SharePoint or other IIS .NET applications and want to reduce the information disclosed about your backend servers.

Background

Without additional configuration you can identify what platform IIS is running on using a simple tool to view the HTTP headers.

Download and install a tool such as ieHTTPHeaders from here. In Internet Explorer, enable the tool from ‘Tools->Display ieHTTPHeaders’. Load the SharePoint homepage and, amongst the many headers and requests, you will notice something similar to the below:

Server: Microsoft-IIS/6.0
MicrosoftSharePointTeamServices: 12.0.0.6318
X-Powered-By: ASP.NET

How to remove these from IIS

The last two lines can simply be removed from IIS by editing the properties of the web site under the custom HTTP headers section. This describes IIS 6, but the same applies to IIS 7.

Removing the header Server: Microsoft-IIS/6.0 from IIS requires a little more config!

Firstly you need to download URLScan (at the time of writing this is version 3.1) from Microsoft here. This is basically an ISAPI filter that needs to be applied to the website you wish to remove the headers from. If you have extended a SharePoint web app, make sure you assign the ISAPI filter to the correct one (i.e. the one created for external access).

Install URLScan, then from the same web app select the ISAPI Filters tab, select Add, navigate to C:\windows\system32\inetsrv\urlscan and add urlscan.dll (IIS 7 may do this for you).

Then edit the following line in urlscan.ini:

RemoveServerHeader=1           ; If 1, remove the 'Server' header from
                               ; response.  The default is 0.

Save the file and check the HTTP headers using ieHTTPHeaders; you should no longer see these headers when loading pages.
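The final check can also be scripted. The following is an added example, not part of the original post: it parses a raw response header block and reports which of the three headers discussed above are still present. The function names and the sample responses are made up for illustration, and fetch_headers assumes a plain HTTP site on port 80.

```python
# Added example (not from the original post): report which of the three
# platform-disclosing headers named above a response still carries.
import http.client

# Header names from the post; HTTP header names are case-insensitive.
DISCLOSING = ("Server", "X-Powered-By", "MicrosoftSharePointTeamServices")

def parse_headers(raw):
    """Parse a raw header block into (name, value) pairs."""
    pairs = []
    for line in raw.replace("\r\n", "\n").split("\n"):
        if not line.strip():
            if pairs:
                break  # blank line ends the header block
            continue
        name, sep, value = line.partition(":")
        if not sep or " " in name.strip():
            continue  # status line such as "HTTP/1.1 200 OK"
        pairs.append((name.strip(), value.strip()))
    return pairs

def leaked_headers(pairs):
    """Return {header: value} for disclosing headers still present."""
    wanted = {h.lower(): h for h in DISCLOSING}
    return {wanted[n.lower()]: v for n, v in pairs if n.lower() in wanted}

def fetch_headers(host, path="/", port=80):
    """HEAD request against a live site (hypothetical helper, needs network)."""
    conn = http.client.HTTPConnection(host, port, timeout=10)
    try:
        conn.request("HEAD", path)
        return conn.getresponse().getheaders()
    finally:
        conn.close()

# Constructed samples: responses before and after the changes in this post.
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    "MicrosoftSharePointTeamServices: 12.0.0.6318\r\n"
    "X-Powered-By: ASP.NET\r\n\r\n"
)
AFTER = "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        found = leaked_headers(parse_headers(raw))
        print(label, "->", found if found else "no disclosing headers")
```

To check a live site, pass the result of fetch_headers with your own host name to leaked_headers; an empty result means none of the three headers came back.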

Feel free to leave a comment if you have any thoughts.
