Disable IIS 7.5 Banner Information

Below are the steps of how to fix the banner (version information) in IIS 7.5
  • Install the latest version of URLScan 3.1 (http://learn.iis.net/page.aspx/726/urlscan-overview/). Select the correct version as per your OS (64-bit or 32-bit)
  • The reference article to setup URLScan is http://learn.iis.net/page.aspx/475/urlscan-setup/
  • Enable ‘ISAPI Filters’ for your webserver. This is necessary for URLScan to be able to modify the sever parameters

 

  • Open the IIS Manger (inetmgr) module.
  • We select our ‘website’ from the left hand menu. A new option should be available called ‘ISAPI Filters’

 

  • In the ISAPI Filters module, we need to add a new filter. We define the filter name(e.g. DisableIISHeader). The executable to be selected is the URLScan DLL – available in usual location – C:\Windows\System32\inetsrv\urlscan\urlscan.dll
  • The filter is now active.
  • We will need to modify the URLScan parameter file (urlscan.ini). Default location is C:\Windows\System32\inetsrv\urlscan
  • Change the value of the ‘RemoveServerHeader’ parameter to 1
  • If all the steps went smoothly, we should be able to verify that the issue has been closed as shown below

 (Before URLScan ISAPI filter applied)

 

(After URLScan ISAPI filter is applied)

  • You can verify the issue with the following commands:
  • At the command prompt, type the following
    • $>telnet<ip_address><port>
    • $>HEAD / HTTP/1.0
    • (enter)
    • (enter)

 

  •  
  •  
  •  
  •  
  •  
  •  
  •  

1 Comment

Comments are closed.