If you are looking to remove the server header from your IIS, you will need to install URL Scan to be able to go through the settings.
UrlScan is a security tool used to restrict types of HTTP requests that IIS will process. It is a simple tool which is very helpful in blocking harmful requests to the server. It seemingly supports only IIS 5.1, IIS 6.0, and IIS 7.0 on Windows Vista and Windows Server 2008. It has been deprecated since IIS 7.5 and IIS 8. It is said that Microsoft has included the features of UrlScan in request filtering option for IIS 7.5 and IIS 8. But it definitely is not a match for the simplicity of UrlScan. Today I am going to show you how to configure UrlScan in IIS 7.5 and IIS8. (IIS 7.5 is available in Windows server 2008 R2 and IIS 8 is available in Windows Server 2012 and Windows 8 ).
Install the URLScan in your machine. Please follow the following link for that
When you are trying to install it on a new server, you might get an error saying:
IIS Metabase is required to install Microsoft UrlScan Filter v3.1
To fix this issue:
- Open Web Platform Installer
- Search for metabase and install “IIS: IIS 6 Metabase Compatibility”
- Then, select IIS ISAPI Filters. (ISAPI filters may already be installed in IIS 7.5 )
- Click on Install. You are shown a review of components you selected to install. Click on I accept.
- The components are installed and will show you a Finish screen. Click on Finish.
- To check installation, go in IIS and click on your server node.
- Click on ISAPI filters under IIS
After installing URLScan, open the URLScan.ini file typically located in the %WINDIR%\System32\Inetsrv\URLscan folder. After opening it, search for the key RemoveServerHeader . By default it is set to 0, but to remove the Server header, change the value to 1.
Doing so will remove the Server header Server: Microsoft-IIS/7.5 (8) from the User mode response.