On Windows Server, the server's response headers include the X-Powered-By header, which exposes the ASP.NET or PHP version. This is a security risk in the sense that a malicious person who has this data can try to "hack" that server. The header is normally displayed in this form:
SERVER RESPONSE: HTTP/1.1 200 OK
Cache-Control:no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma:no-cache
Content-Length:0
Content-Type:text/html; charset=utf-8
Expires:Wed, 17 Aug 2005 00:00:00 GMT
Last-Modified:Tue, 10 May 2016 20:08:08 GMT
Server: Microsoft-IIS/7.0
X-Powered-By:ASP.NET, PHP/5.4
Date:Tue, 10 May 2016 20:08:08 GMT
The X-Powered-By response header can be disabled or renamed quite easily in IIS; for this you need to have the URL Rewrite module installed.
Go to the HTTP Response Headers module and delete the default X-Powered-By header, preferably from the main (parent) level.
In the IIS console, Internet Information Services (IIS) Manager, in the left-hand Connections panel => Sites, select Sites => site name (in this example: "Freepedia Zone"), in the window on the right => URL Rewrite, then in the right-hand panel select View Server Variables and select Add... In the dialog, enter the variable RESPONSE_X-POWERED-BY.
Repeat the previous procedure, except that this time, at the end, in the right-hand panel select Actions => Add Rule(s)...
In the window that appears, select Outbound Rule => Blank Rule.
In the Edit Outbound Rule window, set:
Precondition => <None>
Matching Scope => Server Variable
Variable name => RESPONSE_X-POWERED-BY
Variable value => Matches the Pattern
Using => Regular Expressions
Pattern => .+
Action type => Rewrite
Value => Freepedia Zone - Server (enter here the name you want for the X-POWERED-BY variable, or enter nothing, in which case the server will respond with an empty header of the form "X-POWERED-BY:")
Check: Ignore case and Replace existing server variable value
If you have the URL Rewrite module installed, you can add the code directly to the web.config file, without having to make the settings in the IIS console.
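<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <!-- Outbound rules must be nested inside <rewrite> (URL Rewrite module required) -->
    <rewrite>
      <outboundRules>
        <!-- Replace any non-empty X-Powered-By value with a neutral string -->
        <rule name="Rename X-PoweredBy Header">
          <match serverVariable="RESPONSE_X-POWERED-BY" pattern=".+" />
          <action type="Rewrite" value="Freepedia Zone - Server" />
        </rule>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>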
In this case the server response will look like this:
SERVER RESPONSE: HTTP/1.1 200 OK
Cache-Control:no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma:no-cache
Content-Length:0
Content-Type:text/html; charset=utf-8
Expires:Wed, 17 Aug 2005 00:00:00 GMT
Last-Modified:Tue, 10 May 2016 20:08:08 GMT
Server: Microsoft-IIS/7.0
X-Powered-By:Freepedia Zone - Server
Date:Tue, 10 May 2016 20:08:08 GMT
If you want the header to send no information at all, leave the value of the action empty, for example:
<action type="Rewrite" value="" />
The server will respond with a header in the form below:
SERVER RESPONSE: HTTP/1.1 200 OK
Cache-Control:no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma:no-cache
Content-Length:0
Content-Type:text/html; charset=utf-8
Expires:Wed, 17 Aug 2005 00:00:00 GMT
Last-Modified:Tue, 10 May 2016 20:08:08 GMT
Server: Microsoft-IIS/7.0
X-Powered-By:
Date:Tue, 10 May 2016 20:08:08 GMT
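To check the result from the outside, the responses shown above can be run through a short audit script. This is an added example, not part of the original article: the list of headers and the regular expression are assumptions of the example, and the sample responses are shortened copies of the ones on this page.

```python
import re

# Headers that commonly advertise the server stack (list assumed for this example).
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")
# "Product/1.2" tokens, or a bare technology name such as ASP.NET.
LEAK_RE = re.compile(r"[A-Za-z][\w.-]*/\d[\d.]*|\b(?:ASP\.NET|PHP|IIS)\b", re.IGNORECASE)

# Shortened copies of the responses shown on this page.
BEFORE = """SERVER RESPONSE: HTTP/1.1 200 OK
Content-Type:text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-Powered-By:ASP.NET, PHP/5.4
Date:Tue, 10 May 2016 20:08:08 GMT"""
AFTER = BEFORE.replace("ASP.NET, PHP/5.4", "Freepedia Zone - Server")


def parse_headers(raw):
    """Parse "Name:value" lines into a dict keyed by lowercase header name."""
    headers = {}
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        # Header names never contain spaces; this skips the status line.
        if sep and " " not in name.strip():
            headers[name.strip().lower()] = value.strip()
    return headers


def audit(raw):
    """Return {header: [leaked tokens]} for headers that still reveal the stack."""
    findings = {}
    for name, value in parse_headers(raw).items():
        tokens = LEAK_RE.findall(value) if name in DISCLOSING else []
        if tokens:
            findings[name] = tokens
    return findings


if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw))
```

For the rewritten response the script no longer reports X-Powered-By, but it still reports Server: Microsoft-IIS/7.0, which the outbound rule above does not touch.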