Shulou(Shulou.com)06/02 Report--

I. the name of the vulnerability

Vulnerability name

Vulnerability summary

Repair suggestion

Web server HTTP header information disclosure

The remote Web server exposes information through HTTP headers.

Modify the HTTP header of the Web server to not expose details about the underlying Web server.

Note: when deploying a website on iis7, the http response header X-Powered-By is turned on and is not necessary. When the response header is stored, the programming language of the website is exposed. This response header is not necessary and can be modified or deleted.

Second, install IIS 6 to manage compatibility

Right-click [role] [Web Server (IIS)], click "add role Services", check "IIS 6 Management compatibility", and click next to install.

Third, install urlscan_v31_x64

1. Install urlscan3.1

2. Install UrlScan3.1 and modify the configuration file C:\ Windows\ System32\ inetsrv\ UrlScan\ UrlScan.ini using the features of UrlScan3.1

RemoveServerHeader=1; If 1, removethe 'Server' header from

; response. Thedefault is 0.

Or

RemoveServerHeader=0; do not display Server when changed to 1

AlternateServerName=; if RemoveServerHeader=0 can be defined by itself

Change the original RemoveServerHeader=0 to 1 and restart the system.

4. Use the IE browser to view the response header and log in using IE. Click "F12 developer tools" to view the response header.

After setting up, the response header has no "X-Powered-By"

Before it is configured, you can view "X-Powered-By:ASP.Net"

Use Google chrome to view response headers

On the chrome page, right-click and click the "check" option.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.