server name disclosed even after applying outbound rules
Oct 17, 2019 10:52 AM | chanchalkhadse
I have applied outbound rules for RESPONSE_SERVER and RESPONSE_X-POWERED-BY in my IIS server as mentioned in https://www.saotn.org/remove-iis-server-version-http-response-header/ to hide the server name in the HTTP response headers. It works perfectly fine with the 404 response code but not with 411. Please let me know how to fix this.
Thanks in advance.
MVP
Re: server name disclosed even after applying outbound rules
Oct 18, 2019 01:32 AM | lextm
It is recommended that you set up a reverse proxy in front (like nginx) if you do want to manipulate certain headers. IIS URL Rewrite rules come too late in the processing pipeline, so they cannot modify the headers if the responses already are generated and returned by HTTP.sys.
https://lextudio.com
---------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.
Microsoft
Re: server name disclosed even after applying outbound rules
Oct 18, 2019 03:01 AM | Yuk Ding
Hi chanchalkhadse,
If you monitor the request with 411 response, you will see the server is Microsoft-HTTPAPI instead of IIS. The request will never reach IIS. So the Server is blocked and returned from http.sys http api level.
To disable, please go to HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters and create a DWORD named DisableServerHeader. Then set the value to 1.
Please remember to reboot the server, then you will no longer see this header.
If the reply is helpful, it is appreciated if you could mark it as answer.
Best Regards,
Jokies Ding
MSDN Community Support
Please remember to "Mark as Answer" the responses that resolved your issue.
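
An added example, not part of any post in this thread: a PowerShell script that sets the registry value named in the answer above and, after the reboot, compares the Server header on a 404 produced inside the IIS pipeline with the one on a 411 produced by HTTP.sys. The host name, port, request paths, the `-Apply` switch and the `Get-ServerHeader` helper are assumptions of this example.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell session on the IIS host.
# Assumption: the site answers plain HTTP on localhost:80; pass -HostName / -Port otherwise.
param([string]$HostName = 'localhost', [int]$Port = 80, [switch]$Apply)

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
if ($Apply) {
    # Value from the answer: DWORD DisableServerHeader = 1 (takes effect after a reboot)
    New-ItemProperty -Path $key -Name 'DisableServerHeader' -PropertyType DWord -Value 1 -Force | Out-Null
    'DisableServerHeader set to 1. Reboot the server, then run this script again without -Apply.'
    return
}

function Get-ServerHeader {
    param([string]$RawRequest)
    # Raw socket on purpose: Invoke-WebRequest adds Content-Length itself, so it never triggers a 411.
    $client = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        $stream = $client.GetStream()
        $stream.ReadTimeout = 5000
        $bytes = [System.Text.Encoding]::ASCII.GetBytes($RawRequest)
        $stream.Write($bytes, 0, $bytes.Length)
        $reader = [System.IO.StreamReader]::new($stream, [System.Text.Encoding]::ASCII)
        $status = $reader.ReadLine()
        $server = $null
        while (($line = $reader.ReadLine())) {      # an empty line ends the header block
            if ($line -match '^Server:\s*(.*)$') { $server = $Matches[1] }
        }
        [pscustomobject]@{ Status = $status; Server = $server }
    } finally { $client.Dispose() }
}

$current = (Get-ItemProperty -Path $key -Name 'DisableServerHeader' -ErrorAction SilentlyContinue).DisableServerHeader
"DisableServerHeader = $(if ($null -eq $current) { '(not set)' } else { $current })"

$crlf = "`r`n"
$requests = [ordered]@{
    # Constructed path that should not exist, so the 404 comes from IIS and passes the outbound rules
    '404 via IIS pipeline' = "GET /constructed-missing-page HTTP/1.1${crlf}Host: $HostName${crlf}Connection: close${crlf}${crlf}"
    # POST without Content-Length: rejected with 411 before the request reaches IIS
    '411 via HTTP.sys'     = "POST / HTTP/1.1${crlf}Host: $HostName${crlf}Connection: close${crlf}${crlf}"
}
foreach ($name in $requests.Keys) {
    $r = Get-ServerHeader -RawRequest $requests[$name]
    $verdict = if ($r.Server) { "discloses: $($r.Server)" } else { 'no Server value disclosed' }
    '{0,-22} {1,-34} {2}' -f $name, $r.Status, $verdict
}
```

Before the registry change, the second row is expected to show the HTTP.sys banner even though the outbound rules already blank the first; after the change and reboot both rows should report no Server value.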