2020 R1Archive
  • All Files

This page is not yet available in your language.

Disable IIS header information

For security purposes, Milestone recommends that you disable the X-Powered-By HTTP and X-AspNet-Version headers.

The HTTP header X-Powered-By reveals the version of IIS being used on the server. Disable this header by doing the following:

  1. Open the IIS Manager.
  2. Select the Default website.
  3. Select HTTP Response Headers.
  4. Select the X-Powered-By HTTP header and select Remove.

The HTTP header X-AspNet-Version reveals the version of ASP.NET being used by the Management Server application pool. Disable this header by doing the following:

  1. Open the web.config file located in %windir%\Microsoft.NET\Framework\v4.0.30319\CONFIG.
  2. After the <system.web> tag, add this: <httpRuntime enableVersionHeader="false" />
  3. Save the file.

The SERVER header variable should not be removed, because it will cause functionality within Management Server to break.