“Guys welcome back to the mall for the btn hd. And yes. Today is all all about removing the server response header within your website. So let s get started first things first i m going to right click on my start menu click on run type in win ber click ok and i m running everything within this server 2019 version 1809.
I m going to open up my server manager. And i m going to show you guys that i am running iis as my services and i m gonna open up my. I is manager and i have a website. I have a dummy website up and running right now if i navigate it locally it s up and running it s just a dummy website.
Just to do some testing ok. What we need to do is download postman. Which is a free app. There is a paid version.
I m not advertising for them postman is one of the tools that i ve used so i m gonna type in postman within google calm and go to the first link click on download the app it s gonna take you here click on download and it s gonna download the exe file once it s completed downloading i m going to click on it it s gonna start loading up you re gonna get this nice little page. I already have a sign in information so i m gonna login to the app and once you login to the app. I m going to click show me how it s gonna take you here. It s gonna give you kind of like a little short little lesson of how to use it click next.
There and then just end the lesson now from here. I m going to type in on the text box. My ip address. Okay make sure that you want to do a get command and just click on send.
It s gonna start sending the request and then once it s completed its gonna give you more information now the information that i want to get into is the header part because again we are removing the header part within our server. So when you click on header one of the things that your site should not be pushing out to the world is the server type and if it s running aspnet framework that s the thing that that s another thing that you need to hide as well for this site. It is distributing to the world that this server is a. Microsoft i version 1004.
Once to get into my sites they basically know that what particular server. I m using and they re gonna try to find exploits dealing with i is version 100. So we need to remove that now to remove it we need to get inside iis manager. So make sure you in make sure you click on the server name and within the server name let s go inside.
Http. Response. Header double click on that and if you have anything in here remove. It okay we re gonna open up powershell.
I m going to open up windows powershell ise as an administrator and we re gonna run the two commands now the first command that we re going to run is basically attacking my website. And we are running a parameter of remove server header and with the value of true now. The second command is we are running the entire app. Host and anything.
Within the app host is going to do. It s going to set every move server header to true okay. So those are the two commands okay..
.
Once you ve run those two commands we have to reset your ios. So within my power show. I m going to do an eye is reset hit enter resets the services and you re good to go now if you go back inside postman and you hit send. It s going to start sending the request and get the information from the server and if you go back inside headers you re going to see that the server is you know is disappeared it s not indicating that it is running an iis server version 100 to the world now another way to do this is to download url rewrite.
It is an extension for your i is i m going to provide the site for you so you guys could download it you re going to click on install this extension it s gonna download the exe file click on the little arrow showing folder. It s gonna open up my downloads folder and the reason why it s i had to click the little drop down because i m downloading everything we re gonna chrome so that s the reason where i could do this so i want to right click on the exe file running as an administrator. It s gonna start loading up that s a good thing wait when you get this part click on install it s going to prompt you another dialog box accept the terms it s gonna start installing uploading and once it s completed it s gonna give you this just click on finish when you get this right here just exit out if you had your eye is manager up and running when you is installing url rewrite. And it s not there most likely you have to just shut down or close the ias manager and then restart it again.
And if you go to your primary server. Node and you go inside the ias section. You re going to see url rewrite. So double click on it and once you double click on it on your right hand side.
Let s click on view server variables and we re going to click on add and we re going to create a new variable so we re going to call it with all caps response on the score server click ok awesome let s go back to rules click on add rules and the rule that we want to do is an outbound rule. Which is a blank room and click ok from here. Let s add the information so i m gonna give it a name and for the matching scope. I m gonna set it to a server variable for the variable name i m going to give it the variable name that we provided.
Which was response on the school server and for the pattern. It would be a period with a astrid. We re going to apply it you are going to get a little warning do not worry about that and then restart your eye is if you go back to postman hit. The sin is going to start sending the requests and you re going to see now on the header where it s a server.
It s blink now the first option that i gave you it kind of remove that server attribute on this. One it actually makes the. Server blink now if your site is running aspnet. My site is not but i m going to show you guys how to you know remove it within your site.
If you go inside the main routes of your server mine s is the quest inside that folder. I have a web config open it up with your favorite editor. I m going to right click on it and edit with notepad plus. Plus if you had aspnet.
You are able to add these following code you can add this following code. Within your web. Config file and save it restart your eye is and it should disappear. It now.
I made a mistake and the mistake was on this right here it should be http what a capital p protocol okay if i got to put an extra p not if your site has aspnet. Most likely it has this particular coding within the web config if it does what you want to do is make sure that you find the http runtime and add enable version header to false once you add that attribute within your http runtime. An able version header to ethan so false save the file restart your i is and then your aspnet should be gone for me i didn t have it within my website. But if you have it this is the way that you can actually remove it within your server header hopefully guys enjoyed this video leave comments right below don t forget about hitting that like button.
Make sure you subscribe and share the video and i catch you guys on ” ..
Thank you for watching all the articles on the topic Remove Server Response Header from IIS Website! . All shares of newyorkcityvoices.org are very good. We hope you are satisfied with the article. For any questions, please leave a comment below. Hopefully you guys support our website even more.
description:
“Here are some tips on removing the server response header information within your IIS website. nn#IIS #Website #BTNHDnnDon t forget guys, if you like this video please “Like”, “Favorite”, and “Share” it with your friends to show your support – it really helps us out! If there s something you d like to see on the channel, tweet us about it! See you next time :)rnrn********************************************************rnBTNHD GitHub Repo – https://btnhd.com/BTNHDGitHubrnJoin Newsletter – https://btnhd.com/JoinBTNHDNewsLetterrnrnFollow Me at Twitter: http://twitter.com/bjtechnewsrnHang Out: https://www.periscope.tv/bjtechnewsrnTech Site: http://bjtechnews.orgrnTwitch.tv: http://www.twitch.tv/t3chz3rornInstagram: http://instagram.com/bjtechnews#rnFacebook: http://facebook.com/bjtechnews”,
tags:
response header iis, remove response header, iis header, iis headers, hide response header, response headers, response headers http, iis host headers, url re…
