Remove Server Response Header IIS7

Question

Is there any way to remove "Server" response header from IIS7? There are some articles showing that using HttpModules we can achieve the same thing. This will be helpful if we don't have admin right to server. Also I don't want to write ISAPI filter.

I have admin rights to my server. So I don't want to do the above stuff. So, please help me to do the same.

Answer 1

In IIS7 you have to use an HTTP module. Build the following as a class library in VS:

namespace StrongNamespace.HttpModules
{
    public class CustomHeaderModule : IHttpModule
    { 
        public void Init(HttpApplication context)
        {
            context.PreSendRequestHeaders += OnPreSendRequestHeaders;
        } 

        public void Dispose() { } 

        void OnPreSendRequestHeaders(object sender, EventArgs e)
        {
            HttpContext.Current.Response.Headers.Set("Server", "Box of Bolts");
        }
    }
}

Then add the following to your web.config, or you configure it within IIS (if you configure within IIS, the assembly must be in the GAC).

<configuration>
<system.webServer>
<modules>
<add name="CustomHeaderModule" type="StrongNamespace.HttpModules.CustomHeaderModule" />
</modules>
</system.webServer>
</configuration>

Answer 2

UrlScan can also remove the server header by using AlternateServerName= under [options].

Answer 3

Try setting the HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\DisableServerHeader registry entry to 1.