Disclosed Server Signature

Posted By : Bipul Kumar Tiwari,

HTTP Headers are used to provide the web server with information to assist with handling the request. In order to examine the HTTP Headers sent from your browser to a web server and those returned from a web server back to the browser, you need to install a program or browser add-on that exposes such data.Fiddler it a free, stand-alone application .An attacker can craft an attack by using information obtained from server signature and other signatures.

By default, websites will include below identifying HTTP Headers:


1) Server:

                     Server: Microsoft-IIS/7.0
                    Server: Microsoft-IIS/7.5

2) X-Powered-By:

                    X-Powered-By: ASP.NET

3) X-AspNet-Version:

                     X-AspNet-Version: 4.0.30319

4) X-AspNetMvc-Version:

                    Specifies the version of MVC
                     Server: Microsoft-IIS/7.0
                     Server: Microsoft-IIS/7.5

Disclosed Server Signature

How to fix Disclosed Server Signature:


1) Removing Header Name (X-AspNet-Version) :

        In Web.config
X-AspNet-Version

2) Removing Header Name (X-AspNetMvc-Version)  :

        in global.asax
protected void Application_Start(object sender, EventArgs e)
{
MvcHandler.DisableMvcResponseHeader = true;
}

3) Removing Header Name (X-Powered-By):

X-Powered-By

Removing Header Name X-AspNet-Version , X-Powered-By , Server and X-AspNetMvc-Version in one place


Removing Header Name


Related Articles

 

About the Author

author
Its me BIPUL who is logically minded creative at heart , a good communicator , a self taught full stack developer. I constantly focuses on my thinking , reading , collecting and creating my work in a order to enhance my skills.

I discover new dimensions for growing bussiness with a proven record in creating database and programming. I have a strong technical skills as well as strong interpersonal skills. Read more...
 

Browse By Category

Popular Articles