Howto Disable the Server Header in IIS
Steven Erat just pointed me to a technote from
Macromedia Adobe called: Configuring ColdFusion MX 7 Server Security in the comments of my securing apache config article. In the technote I found that you can disable the Server header on IIS by setting the
HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\DisableServerHeader registry entry to
Why is this a good idea? It makes you less of a target for attackers who scan IP ranges for particular servers. It won't actually make your server any more secure.
While you are securing your server, make sure you disable SSLv2 and other weak protocols and ciphers on IIS.
- Request Filtering in IIS 7 Howto - February 16, 2010
- IIS: Disabling Weak SSL Protocols and Ciphers - October 8, 2009
- Blocking .svn and .git Directories on Apache or IIS - October 15, 2013
- ColdFusion Lockdown Series - Multiple Partitions - April 21, 2011
- Changing the ColdFusion CFIDE Scripts Location - January 10, 2011
- Why is my cron.daily script not running?
- Announcing FuseGuard Version 3
- CFSummit 2017
- Java Unlimited Strength Crypto Policy for Java 9 or 1.8.0_151
- Java 9 Security Enhancements
- Upcoming CFML Conferences in April 2017
- CFSummit 2016 Slides
- Securing Legacy CFML - dev.Objective() 2016 Slides