As cyber attacks become more common in today's world, security becomes a basic need of all organizations. Thus I started a security section to gather my thoughts.

It's a security risk to leak your important IIS and ASP.NET version numbers, as your complete environment may rely on them. While this information can be disabled in the IIS configuration, it is more a concern for your front-end load balancer, i.e. HAProxy. The reason I have chosen this approach is that the headers can be useful for debugging on the internal LAN or VPN inside your organization. Only when the headers are about to reach the outside world do they become dangerous. Therefore:

Security-unconscious folk need not play with the code.

frontend Public-HTTP

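  # Remove response headers that expose version and tooling information.
  # rspidel deletes every response header line matching the regex, ignoring case.
  # Note: the rsp* directives were removed in HAProxy 2.1; on those versions
  # use "http-response del-header <name>" for each header instead.
  rspidel ^Server:.*$
  rspidel ^X-Powered-By:.*$
  rspidel ^X-AspNet-Version:.*$
  rspidel ^X-XSS-Protection:.*$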

Now reload your HAProxy service and you are good to go.
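To confirm after the reload that the public frontend no longer returns these headers, here is an added check (not part of the original post) that reads a response header block on stdin and lists which of the four headers above are still present. The function names, the sample response and the hostname in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify that the headers deleted by the rspidel rules above
# are absent from a response. Usage against a live frontend (hypothetical
# hostname):  curl -sI https://www.example.test/ | leaked_headers

# Header names taken from the rspidel rules on this page (lowercased).
BLOCKED="server x-powered-by x-aspnet-version x-xss-protection"

# leaked_headers: print each blocked header name found on stdin,
# lowercased, one per line, in the order it appears in the response.
leaked_headers() {
  tr -d '\r' | while IFS= read -r line || [ -n "$line" ]; do
    case $line in
      *:*) ;;          # looks like "Name: value"
      *) continue ;;   # status line or blank separator
    esac
    # HTTP header names are case-insensitive, so compare in lowercase.
    name=$(printf '%s' "${line%%:*}" | tr '[:upper:]' '[:lower:]')
    for h in $BLOCKED; do
      if [ "$name" = "$h" ]; then
        printf '%s\n' "$name"
      fi
    done
  done
}

# headers_clean: succeed only when no blocked header is present on stdin.
headers_clean() {
  [ -z "$(leaked_headers)" ]
}

# Constructed sample: what the backend sends before HAProxy strips anything.
SAMPLE_BACKEND='HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
'

printf 'Headers leaked by the constructed backend response:\n'
printf '%s' "$SAMPLE_BACKEND" | leaked_headers
```

Run the same pipe from outside the network and again from the internal LAN: the public side should print nothing, while the internal side may still show the headers if you kept them for debugging.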

Have a Secure Surfing…!!!
