Howto Disable the Server Header in IIS
By Pete Freitag
Steven Erat just pointed me to a technote (http://www.macromedia.com/devnet/coldfusion/articles/cf7_security.html) from
Macromedia Adobe called: Configuring ColdFusion MX 7 Server Security in the comments of my securing apache config article. In the technote I found that you can disable the Server header on IIS by setting the
HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\DisableServerHeader registry entry to
Why is this a good idea? It makes you less of a target for attackers who scan IP ranges for particular servers. It won't actually make your server any more secure.
While you are securing your server, make sure you disable SSLv2 and other weak protocols and ciphers on IIS.
Howto Disable the Server Header in IIS was first published on December 06, 2005.
If you like reading about iis, security, or windows then you might also like:
- Request Filtering in IIS
- IIS: Disabling Weak SSL Protocols and Ciphers
- Remove the Server Header in any IIS Version
- SameSite Cookies with IIS
Weekly Security Advisories Email
Advisory Week is a new weekly email containing security advisories published by major software vendors (Adobe, Apple, Microsoft, etc).