发表新帖
发表新帖

Remove Server Response Header IIS 8.0 / 8.5

前端 未结
关注
8 1479
既然无缘
既然无缘 2020-12-23 20:57

How can we remove the server header response in IIS 8.0/8.5?
My current server report: Microsoft-IIS/8.0 Microsoft-IIS/8.5
For IIS 7.0 I

相关标签:
8条回答
  • 不思量自难忘°
    2020-12-23 21:42

    URLScan has been discontinued starting from IIS 7.5, since its functionalities are supposed to be available through "request filtering" option (feature added in IIS 7.5).

    But the URLScan's 'Remove server header' option does not look like having any equivalent in "request filtering".

    As said on this answer and this answer to you question, you can emptied the Server with URLRewrite instead, which remains available on IIS 8/8.5 (with some update required for having its UI in IIS administration console).

    It turns out, looking at this blog, that URLScan can still be installed on IIS 8/8.5, if lack of official support is not an issue.

    I have not tested myself. Here are the steps:

    • Install IIS 6 Metabase compatibility (if not already there)
    • Install Isapi Filters (if not already there)
    • Install URLScan (from download-able installer, not from web platform installer)
    • Configure URLScan through its ini file (by default in C:\Windows\System32\inetsrv\urlscan)

    Maybe some iisreset or even a reboot should be done. URLScan should be visible in IIS among Isapi filters

    0 讨论(0)
  • 轻奢々
    2020-12-23 21:48

    Unfortunately most of the recommendations you will find online for removing the "Server" header in IIS will not work for IIS 8.0 and 8.5. I have found the only working option, and in my opinion, also the best, is to use an IIS Native-Code module.

    Native-Code modules differ from the more common Managed modules, as they are written using the win32 APIs rather than ASP.NET. This means that they work for all requests (including static pages and images) rather than just requests that past though the ASP.NET pipeline. Using a Native-Code module, it is possible to remove unwanted headers at the very end of the request, meaning that you can remove headers (including the "Server" header) regardless of where they have been set.

    Binaries and source code of an example Native-Code module for removing headers in IIS 7.0 to 8.5 are available in the following article.

    http://www.dionach.com/blog/easily-remove-unwanted-http-headers-in-iis-70-to-85

    0 讨论(0)
 看不清?
提交回复
热议问题