Howto Disable the Server Header in IIS
Steven Erat just pointed me to a technote (http://www.macromedia.com/devnet/coldfusion/articles/cf7_security.html) from Macromedia Adobe called: Configuring ColdFusion MX 7 Server Security in the comments of my securing apache config article. In the technote I found that you can disable the Server header on IIS by setting the HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\DisableServerHeader
registry entry to 1
.
Why is this a good idea? It makes you less of a target for attackers who scan IP ranges for particular servers. It won't actually make your server any more secure.
While you are securing your server, make sure you disable SSLv2 and other weak protocols and ciphers on IIS.
Like this? Follow me ↯
Tweet Follow @pfreitagHowto Disable the Server Header in IIS was first published on December 06, 2005.
If you like reading about iis, security, or windows then you might also like:
- Request Filtering in IIS 7 Howto
- IIS: Disabling Weak SSL Protocols and Ciphers
- SameSite Cookies with IIS
- Blocking .svn and .git Directories on Apache or IIS
- ColdFusion Lockdown Series - Multiple Partitions
- Changing the ColdFusion CFIDE Scripts Location
- Is your ColdFusion Administrator Actually Public?
- ColdFusion wsconfig Hotfix CVE-2009-1876 is for Apache Only
Want Security Advisories via Email?
Advisory Week is a new weekly email containing security advisories published by major software vendors (Adobe, Apple, Microsoft, etc).
Comments
http://www.servermask.com