We are excited to announce that the IIS.NET Forums are moving to the new Microsoft Q&A experience. Learn more >

View Complete Thread
  • http.sys response header

    Jan 24, 2021 09:28 PM|maxmayer|LINK

    The IIS http.sys kernel driver intervenes to block possible malicious URLs, for example this URL https://domain.ext/%2E%2E%2fconsole.portal is blocked with issuing a 403 error (Forbidden URL).

    Is it possible to somehow control the HTTP response headers issued by http.sys? At the moment the http.sys documentation states that you can only check the Server header https://docs.microsoft.com/en-us/troubleshoot/iis/httpsys-registry-windows

    I'm currently using IIS10 on Windows Server 2019.