Hi
I am trying to assign empty value to "Server" HTTP header but unable to do so.
It is displaying as "Microsoft-IIS/8.5" at the moment but i want to hide the information for security reasons.
Is there any easy way to do this? I read it requires IIS /Registry changes. We don't have IIS access and i don't want to change registry as it might be risky.
I did the same for
"X-Powered-By" and "X-AspNet-Version" and they are ok but "server" is displayed 2 times 1 with empty value and 1 with actual version information.
Please help.
Thank you
Out servers are on Cloud and OS has to change those settings, Raised a support ticket but OS came up with this.
https://success.outsystems.com/Support/Unlisted/Support_Team/Security/HTTP_Header_Field_Discloses_Technical_Information
HI Lakshmi,
This information is added by IIS, not by OutSystems, so you should look at the IIS configuration. Do you have a cloud environment, or on-premise?
Kilian Hekhuis wrote:
Thanks for the quick response Kilian Hekhuis,
Unfortunately I don't have access to IIS or cloud but please let me know the solution so that I can explain the scenario to the people with access.
I think people with access to IIS should be able to configure the necessary things if you explain them what you need :).
Thank you Kilian Hekhuis. Will let them know the issue then.
Hi Iakshmi,
Would you be able to share a public link or copy their answers as the link you sent is not available.
Thank you in advance.
Giuliano
I am also facing same issue and unable to open the link(https://success.outsystems.com/Support/Unlisted/Support_Team/Security/HTTP_Header_Field_Discloses_Technical_Information ).
Can you please share the solution.
Regards
Shashikant Shukla