locked
Remove IIS Server Header from SharePoint Site RRS feed

  • Question

  • Hi Team, 

    I am new to this site and was wondering how to remove IIS Server response header from one of the SharePoint site. 

    Strange part is that the version disclosure is only seen in Chrome  and not in IE.  When browsing the site in IE gives Error 404. but with Chrome displays the page as below. 

    HTTP/1.1 200 OK Server: Microsoft-IIS/7.5 Date: Tue, 17 Nov 2015 11:43:50 GMT Connection: close

    ================

    Tried disabling it using URL Rewrite rule by Microsoft and it doesn't show up in fiddler header tab , but when browsing site in Chrome it shows the above text. What I would like to know is Where DO I find that particular page in SharePoint 2010 and how do I disable it , either from SharePoint central admin, or designer or from DB ..

    Logged a ticket with Vendor and they say, its a custom application and that page inside the code and they don't support code fix.

    Currently there is no Application support and I am trying to fix it.

    regards

    Ahmed


    Tuesday, November 17, 2015 11:52 AM

Answers

  • Normally the requirement to remove header information is a security measure, although that reason doesn't really apply to SharePoint as the range of IIS platforms that it supports is widely known (thus obvious to a human attacker) and a standard (thus part of a standard package for script-kiddies). It's verging on security through obscurity which is almost always a bad idea as well as just a waste of time. Bluntly it's the sort of thing that you get out of a scripted penetration test suite that doesn't really consider if it's appropriate or useful to the situation.

    You might be doing it to reduce the traffic but it's probably the last place to look for data efficiency in 2010 unless you've already tackled javascript compression and the rest of the bigger wins.

    I haven't tried to do this but there's an article here on how to remove it:

    https://blogs.technet.microsoft.com/stefan_gossner/2008/03/12/iis-7-how-to-send-a-custom-server-http-header/


    • Edited by Alex Brassington Tuesday, November 17, 2015 12:07 PM
    • Proposed as answer by Victoria Xia Friday, December 4, 2015 1:43 AM
    • Marked as answer by Victoria Xia Saturday, December 5, 2015 12:52 PM
    Tuesday, November 17, 2015 12:06 PM