2/19/2014 5:26:09 AM
We had our SecretServer reviewed for security and some of the findings were that we should filter some of the HTTP Headers, particularly the SERVER, X-POWERED-BY and the X-ASPNET-VERSION headers.
I have removed the X-POWERED-BY header using the built-in "Request Filtering" of IIS without any issues.
The other two headers (SERVER and X-ASPNET-VERSION) I have filtered using the IIS URL Rewrite module, as described here:
However, this made the SecretServer Dashboard disappear.
Did anybody experience the same issue?
Was anybody successful using another approach of header filtering, e.g. using URLScan?
Or are these headers a requirement of SecretServer to run properly? I can't figure out why though ...
Thanks for your feedback
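
An added example, not part of the original post and not the vendor's configuration: a web.config fragment that handles the three headers named above, using built-in IIS/ASP.NET settings for X-Powered-By and X-AspNet-Version so that URL Rewrite is needed only for Server. The rule name is made up, and the fragment assumes the URL Rewrite module is installed and that these elements are merged into the application's existing web.config rather than replacing it.

```xml
<configuration>
  <system.web>
    <!-- ASP.NET stops emitting X-AspNet-Version; no rewrite rule needed -->
    <httpRuntime enableVersionHeader="false" />
  </system.web>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <!-- X-Powered-By is an inherited IIS custom header; remove it here -->
        <remove name="X-Powered-By" />
      </customHeaders>
    </httpProtocol>
    <rewrite>
      <outboundRules>
        <!-- Hypothetical rule name. It touches only the Server response
             header (server variable RESPONSE_Server) and has no
             filterByTags, so response bodies are not parsed or rewritten. -->
        <rule name="Blank Server header">
          <match serverVariable="RESPONSE_Server" pattern=".+" />
          <action type="Rewrite" value="" />
        </rule>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>
```

Adding the elements one at a time and reloading the Dashboard after each shows which change, if any, affects it.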