Dezactivare / redenumire Server Header - IIS 7 - 8.5

Detalii
Categorie: Windows Server IIS

HTTP Headers este un proces esential in comunicarea dintre server si client din pacate Windows Server raspunde si cu Header-e care arata versiunea de server si care nu sunt obligatoriu necesare dar dezvaluie identitatea serverului.

Un header care nu este necesar dar este trimis de server este header-ul [Server:] care trimite versiunea serverului [ Server: Microsoft-IIS/7.0 ] catre client, care de obicei este un browser, exemplu:

 

SERVER RESPONSE: HTTP/1.1 200 OK
Cache-Control:no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma:no-cache
Content-Length:0
Content-Type:text/html; charset=utf-8
Expires:Wed, 17 Aug 2005 00:00:00GMT
Last-Modified:Tue, 10 May 2016 20:08:08 GMT
Server: Microsoft-IIS/7.0
X-Powered-By:ASP.NET, PHP 5.4
Date:Tue, 10 May 2016 20:08:08 GMT

 

  Din motive de securitate sau anonimitate poate ca se doreste dezactivarea, ascunderea sau redenumirea acestui Header. Acest lucru se poate face in felul urmator cu modulul URL Rewrite.

  Din consola IIS, Internet Information Services (IIS) Manager, in panoul din stanga Connections => Sites, selectam Sites => Nume.site (in exemplu: "Freepedia Zone") in fereastra din dreapta => Url Rewrite in panoul din dreapta selectam View Server Variables, selectam Add... In fereastra introducem variabila RESPONSE_SERVER :

 

Server variables fig.2

 

Repetam pasi anteriori dar acum vom selecta in panoul din dreapta Actions => Add rules(s)..

Url rewrite

Action add rule

 

Vom selecta Outbound Rule => Blank Rule :

Outbound rule blank

 

In fereasta Edit Outbound Rule setam:

Edit outbound rule

 

Precondition => <None>

Maching Scope => Server Variabile

Variable name => RESPONSE_SERVER

Variable value => Matches the Pattern

Using => Regular Expresions

Patern => .+

Action type => Rewrite

Value => Freepedia Zone - Server

Bifati: Ignore case si Replace existing server variable value

 

In sectiunea Action Properties la rubrica Value: treceti numele care il vreti pentru Header-ul cu care raspunde serverul [ Server: Freepedia Zone - Server ] sau nu treceti nimic si atunci serverul va raspunde cu un header gol sub forma "Server:"

Puteti adauga regula de rescriere a header-ului direct in fisierul web.config si evitati astfel sa faceti setarile in consola IIS care uneori pot fi incomode:

 

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <outboundRules>
            <rule name="Rename Server Header">
                <match serverVariable="RESPONSE_SERVER" pattern=".+" />
                <action type="Rewrite" value="Freepedia Zone - Server" />
            </rule>
        </outboundRules>
    </system.webServer>
</configuration>

 

In acest caz raspunsul serverului va avea aceasta forma:

 

SERVER RESPONSE: HTTP/1.1 200 OK
Cache-Control:no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma:no-cache
Content-Length:0
Content-Type:text/html; charset=utf-8
Expires:Wed, 17 Aug 2005 00:00:00GMT
Last-Modified:Tue, 10 May 2016 20:08:08 GMT
Server:Freepedia Zone - Server
X-Powered-By:ASP.NET, PHP 5.4
Date:Tue, 10 May 2016 20:08:08 GMT

 

  Daca se doreste ca Headerul sa nu trimita nicio informatie, atunci la action type nu treceti nimic, exemplu:

    <actiontype="Rewrite"value=""/>

 

  Serverul va raspunde cu un header (antet la cerere) in forma de mai jos:

 

SERVER RESPONSE: HTTP/1.1 200 OK
Cache-Control:no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma:no-cache
Content-Length:0
Content-Type:text/html; charset=utf-8
Expires:Wed, 17 Aug 2005 00:00:00GMT
Last-Modified:Tue, 10 May 2016 20:08:08 GMT
Server:
X-Powered-By:ASP.NET, PHP 5.4
Date:Tue, 10 May 2016 20:08:08 GMT