Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Oct 12, 2021 8:21:19 AM
Feb 4, 2019 1:42:26 PM
It is important to suppress as much information as possible from any potentially harmful user.
The server contains information identifying the technology being used and version numbers. This is not desirable because it increases the attack surface and could allow a malicious user to perform a spearheaded attack.
QlikView
Qlik Sense Enterprise on Windows
On Windows, whether that is server edition or regular, it is not very clear as to how to disable this header. These instructions aim to clarify and demonstrate how it could be done on either edition. Without disabling the header, the server gives information away regarding the technology it is utilizing, as seen below.
In order to stop the server from handing out information regarding the technology it is utilizing, we need to disable the “Server” header. This could be achieved in a number of ways. Instances running IIS could utilize “URLScan” or “Custom HTTP Rules”. However, this is not a universal solution and in the case of URLScan, it is required to install an add-on to IIS. As a result, the following method will only target the HTTP service which works on any version of Windows.
net stop HTTP
net start HTTP