Howto Disable the Server Header in IIS
Steven Erat just pointed me to a technote from
Macromedia Adobe called: Configuring ColdFusion MX 7 Server Security in the comments of my securing apache config article. In the technote I found that you can disable the Server header on IIS by setting the
HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\DisableServerHeader registry entry to
Why is this a good idea? It makes you less of a target for attackers who scan IP ranges for particular servers. It won't actually make your server any more secure.
While you are securing your server, make sure you disable SSLv2 and other weak protocols and ciphers on IIS.
Like this? Follow me ↯Tweet Follow @pfreitag
Howto Disable the Server Header in IIS was first published on December 06, 2005.
If you like reading about iis, security, or windows then you might also like:
- Request Filtering in IIS 7 Howto
- IIS: Disabling Weak SSL Protocols and Ciphers
- SameSite Cookies with IIS
- Blocking .svn and .git Directories on Apache or IIS
- ColdFusion Lockdown Series - Multiple Partitions
- Changing the ColdFusion CFIDE Scripts Location
- Is your ColdFusion Administrator Actually Public?
- ColdFusion wsconfig Hotfix CVE-2009-1876 is for Apache Only