Somehow, I am stuck on the issue to hide my server details from the outside world. But there are a lot of browser extensions available out there. I had a humongous argument with my Application security Team for this but till now I am unable to rectify it. Extensions Like wappalyzer which usually reveals almost major of your server details which need not be shown to anyone. Whatsoever changes you do in your Web Application configuration file but it still does not work and reveals almost everything. But, after scratching your head for almost 5 days and after some research I visited the Microsoft website and thought to run the same extension on the Microsoft So after painful of 5 days I confronted that even Microsoft is unable to hide its own server details. So if anyone came across with the same issue as of mine and were able to solve please put it down in the comments.
Solution Till Date :
1. Add in outbound rules of your Web.config
<rule name="Remove Server header">
<match serverVariable="RESPONSE_Server" pattern=".+" />
<action type="Rewrite" value="" />
</rule>
2. Add enableVersionHeader="false" in httpruntine of your web.config
Reference :
Link 1
Link 2
1. Add in outbound rules of your Web.config
<rule name="Remove Server header">
<match serverVariable="RESPONSE_Server" pattern=".+" />
<action type="Rewrite" value="" />
</rule>
2. Add enableVersionHeader="false" in httpruntine of your web.config
Link 1
Link 2
No comments:
Post a Comment