You will often need to do the following to ensure your website is as secure as possible and to stop the IIS version from being displayed when a scan is run against the server.
- Open “Internet Information Services (IIS) Manager”.
- If you want to apply the settings globally, click on your main server node (the IIS server node).
- Open the “Configuration Editor”.
- To remove the ‘x-aspnet-version’ response header, go to system.web >> httpRuntime >> enableVersionHeader and set it to ‘false’.
- To remove the IIS ‘server’ response header, go to system.webServer >> security >> requestFiltering >> removeServerHeader and set it to ‘true’.
To set the values per site, click on the site you want to apply the changes to and open the Configuration Editor from there.
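The same two settings can be applied and checked from PowerShell. This is an added example, not part of the original page: it assumes an elevated session on the IIS host with the WebAdministration module, IIS 10.0 or later (needed for removeServerHeader), and the function names, site name and URL are hypothetical.

```powershell
Import-Module WebAdministration

# Hypothetical helper: applies both settings server-wide, or to one site.
function Set-VersionHeaderHardening {
    param([string]$SiteName)   # omit for server-wide settings

    if ($SiteName) {
        # Per site: both sections are written under the site's own path.
        $aspNetPath = "MACHINE/WEBROOT/APPHOST/$SiteName"
        $iisPath    = $aspNetPath
    } else {
        # Server-wide: system.web lives in the root web.config,
        # system.webServer in applicationHost.config.
        $aspNetPath = 'MACHINE/WEBROOT'
        $iisPath    = 'MACHINE/WEBROOT/APPHOST'
    }

    # system.web >> httpRuntime >> enableVersionHeader = false
    Set-WebConfigurationProperty -PSPath $aspNetPath `
        -Filter 'system.web/httpRuntime' `
        -Name 'enableVersionHeader' -Value $false

    # system.webServer >> security >> requestFiltering >> removeServerHeader = true
    Set-WebConfigurationProperty -PSPath $iisPath `
        -Filter 'system.webServer/security/requestFiltering' `
        -Name 'removeServerHeader' -Value $true
}

# Hypothetical helper: reports whether the two headers are still returned.
# X-AspNet-Version only appears on responses handled by ASP.NET, so point
# the URL at an ASP.NET page when checking that header.
function Test-VersionHeaders {
    param([Parameter(Mandatory)][string]$Url)

    $resp = Invoke-WebRequest -Uri $Url -UseBasicParsing
    foreach ($name in 'Server', 'X-AspNet-Version') {
        [pscustomobject]@{
            Header  = $name
            Present = $null -ne $resp.Headers[$name]
            Value   = $resp.Headers[$name]
        }
    }
}

Set-VersionHeaderHardening                                  # server-wide
# Set-VersionHeaderHardening -SiteName 'Default Web Site'   # or a single site
Test-VersionHeaders -Url 'http://localhost/'                # assumed local URL
```

After the change, both rows should report `Present` as `False`.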
For example, before you make the above changes, an nmap scan may show
Following the above changes, an nmap scan would show