139
Views
5
Comments
Solved
changing the value of "Server" response header
Question

Hi

I am trying to assign empty value to "Server" HTTP header but unable to do so.

It is displaying as "Microsoft-IIS/8.5" at the moment but i want to hide the information for security reasons.

Is there any easy way to do this? I read it requires IIS /Registry changes. We don't have IIS access and i don't want to change registry as it might be risky.

I did the same for  

"X-Powered-By" and "X-AspNet-Version"  and they are ok  but "server" is displayed 2 times 1 with empty value and 1 with actual version information.



Please help.

Thank you

Rank: #33059
Solution

Out servers are on Cloud and OS has to change those settings, Raised a support ticket but OS came up with this.

https://success.outsystems.com/Support/Unlisted/Support_Team/Security/HTTP_Header_Field_Discloses_Technical_Information


mvp_badge
MVP
Rank: #2

HI Lakshmi,

This information is added by IIS, not by OutSystems, so you should look at the IIS configuration. Do you have a cloud environment, or on-premise?

mvp_badge
MVP
Rank: #2

I think people with access to IIS should be able to configure the necessary things if you explain them what you need :).

Rank: #33059
Solution

Out servers are on Cloud and OS has to change those settings, Raised a support ticket but OS came up with this.

https://success.outsystems.com/Support/Unlisted/Support_Team/Security/HTTP_Header_Field_Discloses_Technical_Information