Fixing “IIS Metabase is required to install Microsoft UrlScan Filter v3.1”

If you are looking to remove the server header from your IIS, you will need to install URL Scan to be able to go through the settings.

UrlScan is a security tool used to restrict types of HTTP requests that IIS will process. It is a simple tool which is very helpful in blocking harmful requests to the server. It seemingly supports only IIS 5.1, IIS 6.0, and IIS 7.0 on Windows Vista and Windows Server 2008. It has been deprecated since IIS 7.5 and IIS 8. It is said that Microsoft has included the features of UrlScan in request filtering option for IIS 7.5 and IIS 8. But it definitely is not a match for the simplicity of UrlScan. Today I am going to show you how to configure UrlScan in IIS 7.5 and IIS8. (IIS 7.5 is available in Windows server 2008 R2 and IIS 8 is available in Windows Server 2012 and Windows 8 ).

Install the URLScan in your machine. Please follow the following link for that

http://www.iis.net/downloads/microsoft/urlscan

When you are trying to install it on a new server, you might get an error saying:

IIS Metabase is required to install Microsoft UrlScan Filter v3.1

To fix this issue:

  1. Open Web Platform Installer
  2. Search for metabase and install “IIS: IIS 6 Metabase Compatibility”
  3. Then, select IIS ISAPI Filters. (ISAPI filters may already be installed in IIS 7.5 )
  4. Click on Install. You are shown a review of components you selected to install. Click on I accept.
  5. The components are installed and will show you a Finish screen. Click on Finish.
  6. To check installation, go in IIS and click on your server node.
  7. Click on ISAPI filters under IIS

After installing URLScan, open the URLScan.ini file typically located in the %WINDIR%\System32\Inetsrv\URLscan folder. After opening it, search for the key RemoveServerHeader . By default it is set to 0, but to remove the Server header, change the value to 1.

Doing so will remove the Server header Server: Microsoft-IIS/7.5 (8) from the User mode response.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.