DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 317741 - Last Review: July 7, 2008 - Revision: 3.1

This article was previously published under Q317741
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspx (http://www.microsoft.com/technet/security/prodtech/IIS.mspx)
For more information about IIS 7.0, visit the following Microsoft Web site:
http://www.iis.net/default.aspx?tabid=1 (http://www.iis.net/default.aspx?tabid=1)

On This Page

SUMMARY

This step-by-step article describes how to prevent the Internet Information Server (IIS) or Internet Information Services (IIS) version information that the server header contains from being displayed either in a network trace or from the results of a telnet command. To prevent this information from being displayed, you can implement URLScan, a free utility that is available at the Microsoft security Web site.

View Information from Network Packet Capturing Software

When you run a network trace on a client, capture TCP packets, and then make a GET request to an IIS server from that same client, the following is displayed as a result of the information that is captured in the response from the IIS server:

In IIS 4.0:
HTTP: Server = Microsoft-IIS/4.0
In IIS 5.0:
HTTP: Server = Microsoft-IIS/5.0
To view this information:
  1. Start a network trace from a client computer with a utility such as Network Monitor.NOTE: To set up your network tracing software, you must know the IP address of the Web server that you are making a request to. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
    252876  (http://support.microsoft.com/kb/252876/EN-US/ ) How to View HTTP Data Frames Using Network Monitor
  2. Use a Web browser to request a page from an IIS Web server.
  3. When the page that you requested is loaded in your browser, stop the capture, filter on HTTP protocol traffic, and review the results. The manufacturer of the operating system and the version of the software that the Web server is using are displayed in the first HTTP response frame from the IIS server. Look for the response frame from the server to the client that is using port port number.

View Information from a Telnet Request

When you use a command prompt to telnet to the HTTP port of the IIS Web server, the banner includes the following information:

IIS 4.0:
server: Microsoft -IIS/4-0
IIS 5.0:
server: Microsoft -IIS/5.0
To perform a telnet request, type the following information at a command prompt:
telnet ip_address_of_web_server 80
Note the space between "telnet" and the IP address and the space between the IP address and "80".

If no banner is displayed immediately, press the ENTER key two times.

Mask the Server Header Information

To hide the server header information, download URLScan and then configure the Urlscan.ini file.

NOTE: The steps in this article only mask the server header information. This procedure does not prevent users from deducing from other information that is returned from Web pages that are served by an IIS Web server.

Install URLScan

URLScan, which you can install with the IIS Lockdown Tool, is an ISAPI filter that provides the Web server administrator with additional configuration options to secure the server. One configurable option is the RemoveServerHeader option. By default, this option is set to 0, or False.

To download the URLScan utility, visit the following Microsoft Web site:
Urlscan Security Tool
http://www.microsoft.com/downloads/details.aspx?FamilyID=12244f33-a5da-4203-a3a8-83f4388bb71f&DisplayLang=en (http://www.microsoft.com/downloads/details.aspx?FamilyID=12244f33-a5da-4203-a3a8-83f4388bb71f&DisplayLang=en)
By default, URLScan is installed in %systemroot%\System32\Inetsrv\UrlScan directory.

For additional information about how to install and configure URLScan, click the article number below to view the article in the Microsoft Knowledge Base:
307608  (http://support.microsoft.com/kb/307608/EN-US/ ) INFO: Availability of URLScan Version 2.5 Security Tool
To download the IIS Lockdown Tool, visit the following Microsoft Web site:
IIS Lockdown Tool
http://www.microsoft.com/technet/security/tools/locktool.mspx (http://www.microsoft.com/technet/security/tools/locktool.mspx)

Edit the Urlscan.ini File

  1. Stop the IISAdmin service, which will also stop all of the services that are dependent on it, such as the World Wide Web Publishing Service.
  2. In My Computer, locate the Urlscan folder. By default, this is located at %systemroot%\System32\Inetsrv\Urlscan.
  3. In Notepad or another text editor, open the Urlscan.ini file.
  4. Locate the following entry:
    RemoveServerHeader=0 
    					
  5. Modify this entry as follows:
    RemoveServerHeader=1
    					
  6. Save the file.
  7. Restart the World Wide Web Publishing service and all of the other services that were stopped when the IISAdmin service was stopped. Starting a service that runs under the IISAdmin service also starts the IISAdmin service.

REFERENCES

For additional information about URLScan and how URLScan affects other Web technologies, click the article numbers below to view the articles in the Microsoft Knowledge Base:
313489  (http://support.microsoft.com/kb/313489/EN-US/ ) You Can Place Content Headers in the Body of a Response If an ISAPI Filter Is Installed
307976  (http://support.microsoft.com/kb/307976/EN-US/ ) FP: Error Message When You Use FrontPage with URLScan
For more information, visit the following Microsoft Web site:
Security and Privacy
http://www.microsoft.com/security (http://www.microsoft.com/security)

APPLIES TO
  • Microsoft Internet Information Services 5.0
  • Microsoft Internet Information Server 4.0
Keywords: 
kbhowtomaster KB317741
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support