...
Code Block |
---|
<outboundRules> <!-- This rule changes the domain in the HTTP location header for redirection responses --> <rule name="Change Location Header"> <match serverVariable="RESPONSE_LOCATION" pattern="^<http://[^/]+/(.*)"> /> <conditions> <add input="{RESPONSE_STATUS}" pattern="^301" /> </conditions> <action type="Rewrite" value=""/> </rule> </outboundRules> |
Server
Code Block |
---|
<outboundRules rewriteBeforeCache="true"> <rule name="Remove Server header"> <match serverVariable="RESPONSE_Server" pattern=".+" /> <action type="Rewrite" value="" /> </rule> </outboundRules> |
ASP.NET Version
Code Block |
---|
<outboundRules rewriteBeforeCache="true"> <rule name="ChangeASPNETVersionHeader" patternSyntax="Wildcard"> <match serverVariable="RESPONSE_X-aspnet-version" pattern="*" /> <action type="Rewrite" value="" /> </rule> </outboundRules> |
X-Powered-By Header
Code Block |
---|
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol> |
To do this, the IIS URL rewrite module can be used to remove the headers from any response.
...
Custom error pages can be added to IIS to hide information disclosed when LocalMaps returns an error. This may affect other client applications and may make troubleshooting more difficult, but might be valuable to reduce the information which can be found publicly through any external facing LocalMaps site. For more information, please have a read through the Microsoft documentation at https://learn.microsoft.com/en-us/iis/configuration/system.webserver/httperrors/