Disabling IIS Web Banner And Other IIS Headers

Question & Answer

Question

Answer

Title : Disabling IIS Web Banner And Other IIS Headers

ARTICLE

For security purposes, it may be desirable to disable the X-ASPNET-VERSION and X-Powered-By HTTP Headers.

The HTTP header "X-Powered-By" reveals the version of IIS being used on the server. This can be disabled by:
1. Open the IIS Manager
2. Select the website that Secret Server is running under.
3. Select "HTTP Response Headers"
4. Select the "X-Powered-By" HTTP Header and select "Remove"
The Http Header "X-ASPNET-VERSION" reveals the version of ASP.NET being used by the Secret Server application pool. This can be disabled by:

1. Open the web.config file for Secret Server (located in the root directory for the website).
2. Just after the <system.web> tag add this: <httpRuntime enableVersionHeader="false" />
3. Save the file.

Note: The SERVER header variable should not be removed as it will cause certain functionality within Secret Server to break.

[{"Product":{"code":"SSWHLP","label":"IBM Security Secret Server"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.4","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Tips

Disabling IIS Web Banner And Other IIS Headers

Question & Answer

Question

Answer

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?