Howto Disable the Server Header in IIS
Steven Erat just pointed me to a technote from
Macromedia Adobe called: Configuring ColdFusion MX 7 Server Security in the comments of my securing apache config article. In the technote I found that you can disable the Server header on IIS by setting the
HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\DisableServerHeader registry entry to
Why is this a good idea? It makes you less of a target for attackers who scan IP ranges for particular servers. It won't actually make your server any more secure.
While you are securing your server, make sure you disable SSLv2 and other weak protocols and ciphers on IIS.
You might also like:
- Request Filtering in IIS 7 Howto - February 16, 2010
- IIS: Disabling Weak SSL Protocols and Ciphers - October 8, 2009
- SameSite Cookies with IIS - May 14, 2018
- Blocking .svn and .git Directories on Apache or IIS - October 15, 2013
- ColdFusion Lockdown Series - Multiple Partitions - April 21, 2011
- Changing the ColdFusion CFIDE Scripts Location - January 10, 2011
- Is your ColdFusion Administrator Actually Public? - April 28, 2010
- ColdFusion wsconfig Hotfix CVE-2009-1876 is for Apache Only - August 20, 2009