How to disable asp.net version and server information on HTTP Headers

-

Scenario:

We identified that the target web server is disclosing the ASP.NET version in its HTTP response. This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of ASP.NET.

Impact:

An attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.

Solution

Disable the asp.net version and server information on http headers.
Open the web.config file and add this code in the web.config file :

<system.webServer>

    <httpProtocol>

        <customHeaders>

            <remove name="Server" />

            <remove name="X-AspNet-Version" /> 

            <remove name="X-AspNetMvc-Version" />

            <remove name="X-Powered-By" />                        

        </customHeaders>        

    </httpProtocol>

  </system.webServer>


You also need to remove the X-Powered-By headers on the IIS configuration.
  1. Open your IIS
  2. Open Http Response Headers
  3. Remove the X-Powered-By value.

By
NOTE : – If You have Found this post Helpful, I will appreciate if you can Share it on Facebook, Twitter and Other Social Media Sites. Thanks =)

Popular posts from this blog

How to create zip file to download in JSP- Servlet

-
Image
Hye, my previous post show that how to download zip file in ASP.NET ,. In this tutorial i will show the same thing, but in Jsp-Servlet. Note : In this tutorial i will use this library :- JSTL 1.1  The JSP File  <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <%@page contentType="text/html" pageEncoding="UTF-8"%> <!DOCTYPE html> <html>     <head>         <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">         <title>Download File As ZIP File</title>     </head>     <body>        <h1>Download File As ZIP File</h1>         ${DownloadMessage}         <br/>         <form action="<c:url value="/downloadFileServletZip" />" method="post" >             Default Path is server to download is D:\JAVA\dist\Output\             <input type="submit" name="bDownload"
Read more

How to create DataGrid or GridView in JSP - Servlet

-
Image
Hi there, today I will like to share my knowledge on creating basic Datagrid in JSP. This is my solution but not a permanent solution in all other cases. Maybe you can enhance this code to achieve your own objective. In this tutorial, I will use basic servlet and JSP. Note: In this tutorial, I will use this library:- MySQL JDBC Driver JSTL 1.1 the project will run on source JDK 7 This is the database table DROP TABLE IF EXISTS `blogtest`.`usersprofile`; CREATE TABLE  `blogtest`.`usersprofile` (   `userid` varchar(30) NOT NULL,   `firstName` varchar(45) NOT NULL,   `lastName` varchar(45) NOT NULL,   `emailAddress` varchar(45) NOT NULL,   PRIMARY KEY (`userid`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; INSERT INTO `usersprofile` VALUES ('Ahmad','Ahmad','Ahmad','Ahmad@gmail.com'), ('Ahmad1','Ahmad1','Ahmad1','Ahmad1@gmail.com'), ('Ahmad10','Ahmad10','Ahmad10','Ahmad10@gmail.com'), ('Ahmad11&#
Read more

Pinging in ASP.NET Example

-
Image
This tutorial will show you how to ping a hostname/ip using the .NET System.Net class, ASP.NET 2.0 and C#.NET. The .NET Framework offers a number of types that makes accessing resources on the network easy to use. To perform a simple ping, we will need to use the System.Net, System.Net.Network.Information, System.Text namespaces. using System.Net; using System.Net.NetworkInformation; using System.Text; ASPX Page  <asp:ScriptManager ID="ScriptManager1" runat="server">     </asp:ScriptManager>     <asp:UpdatePanel ID="UpdatePanel1" runat="server">         <ContentTemplate>             <table width="600" border="0" align="center" cellpadding="5" cellspacing="1" bgcolor="#cccccc">                 <tr>                     <td width="100" align="right" bgcolor="#eeeeee" class="header1">                         Ho
Read more