As a best practice, create a custom blank server header for the Internet Information Services (IIS) server used with the Identity Appliance, so that HTTP responses do not disclose details about the web server software to attackers.

About this task

Procedure

  1. Open the C:\Windows\System32\inetsrv\urlscan\UrlScan.ini file in a text editor.
  2. Search for RemoveServerHeader=0 and change it to RemoveServerHeader=1.
  3. Save your changes and close the file.
  4. Restart the server by running the iisreset command.

What to do next

Disable the IIS X-Powered-By header by removing it from the HTTP Response Headers list in the IIS Manager console.

  1. Open the IIS Manager console.

  2. Open HTTP Response Headers and remove the X-Powered-By header from the list.

  3. Restart the server by running the iisreset command.
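
The following script is an added example, not part of the original procedure: it applies the UrlScan.ini change from the Procedure steps, restarts IIS, and then checks one response for the Server and X-Powered-By headers. It assumes Windows PowerShell 5.1 in an elevated session on the IIS server, and the test URL http://localhost/ is an assumption to replace with your own site.

```powershell
# Added example (not from the original procedure). Run elevated on the IIS server.
$ini = 'C:\Windows\System32\inetsrv\urlscan\UrlScan.ini'  # path from Procedure step 1
$url = 'http://localhost/'                                # assumed test URL

# Procedure steps 1-3: keep a backup, then change RemoveServerHeader=0 to =1.
Copy-Item -Path $ini -Destination "$ini.bak" -Force
$lines = (Get-Content -Path $ini) -replace '^\s*RemoveServerHeader\s*=\s*0\b', 'RemoveServerHeader=1'
Set-Content -Path $ini -Value $lines
if (-not ($lines -match '^\s*RemoveServerHeader\s*=\s*1\b')) {
    throw "RemoveServerHeader=1 is not set in $ini"
}

# Step 4: restart IIS and stop if the restart fails.
iisreset | Out-Null
if ($LASTEXITCODE -ne 0) { throw "iisreset exited with code $LASTEXITCODE" }

# Fetch a page. Error responses (4xx/5xx) raise an exception but still carry
# headers, so read them from the exception's response in that case.
try {
    $headers = (Invoke-WebRequest -Uri $url -UseBasicParsing).Headers
} catch {
    if (-not $_.Exception.Response) { throw }
    $headers = $_.Exception.Response.Headers
}

# Collect any disclosure header that is still returned with a non-empty value.
$leaks = foreach ($name in 'Server', 'X-Powered-By') {
    $value = $headers[$name]
    if ($value) { [pscustomobject]@{ Header = $name; Value = $value } }
}

if ($leaks) {
    $leaks | Format-Table -AutoSize
    throw 'Disclosure headers are still present in the response'
}
'OK: no Server or X-Powered-By header returned'
```

If X-Powered-By has not yet been removed in the IIS Manager console, the check reports it; rerun the header check after completing those steps.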