http://forums.iis.net/1031.aspxA forum aimed at helping understand IIS security such as Authentication, IP restrictions, and SSLenCommunityServer 2007 SP1 (Build: 20510.895)http://forums.iis.net/thread/1872875.aspxMon, 30 Jun 2008 12:06:08 GMT50bcf3b4-f6fe-4638-adff-0c150e922e99:1872875zerkat0http://forums.iis.net/thread/1872875.aspxhttp://forums.iis.net/commentrss.aspx?SectionID=1031&PostID=1872875<p>oh.....thanks....That makes sense. Probably something I should have already known. oh well, we all have those moments.</p>http://forums.iis.net/thread/1872807.aspxFri, 27 Jun 2008 20:19:49 GMT50bcf3b4-f6fe-4638-adff-0c150e922e99:1872807wadeh0http://forums.iis.net/thread/1872807.aspxhttp://forums.iis.net/commentrss.aspx?SectionID=1031&PostID=1872807<p>UrlScan can do this by setting RemoveServerHeader=1.</p> <p>If I understand correctly how you are trying to test this, I believe that your test is not valid.&nbsp; The SOFTWARE_VERSION, REMOTE_PORT, etc. server variables visible in ASP are not response headers.</p> <p>The proper way to test this is to use a sniffer tool to look at bits on the wire or a test client like wfetch that can show you the raw headers that the server returned.</p> <p>Thanks,</p> <p>-Wade</p>http://forums.iis.net/thread/1872801.aspxFri, 27 Jun 2008 19:24:39 GMT50bcf3b4-f6fe-4638-adff-0c150e922e99:1872801zerkat0http://forums.iis.net/thread/1872801.aspxhttp://forums.iis.net/commentrss.aspx?SectionID=1031&PostID=1872801<p>Is there a way to suppress the server software from being returned in the header? I am running IIS 6.</p> <p>I installed URLScan which will suppress the server header but the software version and ports still display. I have an ASP page that will return&nbsp;everything in the header to double check.&nbsp;Is there another tool or software that would accomplish this?</p> <p>Any advice on this matter would be greatly appreciated. </p>