Menu
As a part of security configuration, we should not be revealing the "Server" variable and other variables in the Header Response. How can I remove these variables for a ColdFusion server hosted on IIS?
782
In IIS Manager, at the server level, go to the Features view. Click on HTTP Response Headers. You can add/remove headers there. You can also manage the response headers at the site level as well.
Open the site which you would like to open and then click on the HTTP Response Headers option. Click on the X-Powered-By header and then click Remove on the Actions Pane to remove it from the response.
web.config here. To add a URL rewrite outbound rule to the "Jakarta" virtual directory, we need a web.config. The web.config should have an outbound rule and the variable removal rules mentioned below.Add an outbound rule to web.config, for erasing the server header response value and set it to blank.
<system.webServer>
<outboundRules>
<rule name="Remove Server">
<match serverVariable="RESPONSE_SERVER" pattern=".*" />
<action type="Rewrite" />
</rule>
</outboundRules>
</rewrite>
</system.webServer>
For server tag value removal for all static files like .css/.js files, add this to web.config:
<configuration>
<modules runAllManagedModulesForAllRequests="true">
</configuration>`
Add the code below to web.config for removal of X-Powered-By and X-AspNet-Version
<configuration>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
<remove name="Server" />
<remove name="X-AspNet-Version" />
</customHeaders>
</httpProtocol>
</configuration>
Convert PortalTools from virtual directory to Application and add the same web.config to the PortalTools folder as well.
90
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With