Reputation: 27003
Changing headers that IIS/ASP.NET sends. Side-effects?
IIS / ASP.NET sends HTTP headers to identify itself by default.
Server Microsoft-IIS/7.5
X-AspNetMvc-Version 2.0
X-AspNet-Version 4.0.30319
X-Powered-By ASP.NET
Is there any reason not to remove these? Considering the ASP.NET vulnerabilities recently discovered, some people recommend changing the Server header to that of another server, such as Apache, to throw off scanners looking for affected websites. This seems like a good idea. Are there any unwanted side effects that I'm not thinking of?
Upvotes: 2
Views: 1249
Answers (2)
Reputation: 75794
I agree with Andrew, but for practical purposes yes this is possible (see here) and I am not aware of any negative side-effects - I believe these exist purely for stat-gathering and "advertising" purposes and the ubiquitous "reserved for future use".
Upvotes: 5
Reputation: 40150
In my experience, such tricks are not useful in the least. Spend your time making sure the server is actually secure, rather than wasting time on hacks of essentially no benefit whatsoever. There are plenty of other more reliable ways to know what operating system and web service a server is running.
Upvotes: 2
Related Questions
- What is the advantage of aspnet headers in a response?
- What happens when a HTTP request uses different browser headers?
- Edit HTTP header connection
- How to use IIS to set request header
- Edit HTTP response headers for an application in IIS 7
- http headers in asp.net
- IIS7 overwriting defined HTTP header values
- How to modify request headers in c#,ASP .NET
- HttpHeaders in ASP.NET 1.1
- How do you change the http header information sent in IIS 6