Article ID: 317741 - View products that this article applies to.
This article was previously published under Q317741
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspxFor more information about IIS 7.0, visit the following Microsoft Web site:
This step-by-step article describes how to prevent the Internet Information Server (IIS) or Internet Information Services (IIS) version information that the server header contains from being displayed either in a network trace or from the results of a telnet command. To prevent this information from being displayed, you can implement URLScan, a free utility that is available at the Microsoft security Web site.
In IIS 4.0:
In IIS 5.0:
HTTP: Server = Microsoft-IIS/4.0
To view this information:
HTTP: Server = Microsoft-IIS/5.0
server: Microsoft -IIS/4-0
To perform a telnet request, type the following information at a command prompt:
server: Microsoft -IIS/5.0
telnet ip_address_of_web_server 80Note the space between "telnet" and the IP address and the space between the IP address and "80".
If no banner is displayed immediately, press the ENTER key two times.
NOTE: The steps in this article only mask the server header information. This procedure does not prevent users from deducing from other information that is returned from Web pages that are served by an IIS Web server.
To download the URLScan utility, visit the following Microsoft Web site:
Urlscan Security ToolBy default, URLScan is installed in %systemroot%\System32\Inetsrv\UrlScan directory.
For additional information about how to install and configure URLScan, click the article number below to view the article in the Microsoft Knowledge Base:
307608To download the IIS Lockdown Tool, visit the following Microsoft Web site:
(https://support.microsoft.com/kb/307608/EN-US/ )INFO: Availability of URLScan Version 2.5 Security Tool
IIS Lockdown Tool
For additional information about URLScan and how URLScan affects other Web technologies, click the article numbers below to view the articles in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/313489/EN-US/ )You Can Place Content Headers in the Body of a Response If an ISAPI Filter Is Installed
307976For more information, visit the following Microsoft Web site:
(https://support.microsoft.com/kb/307976/EN-US/ )FP: Error Message When You Use FrontPage with URLScan
Security and Privacy
Article ID: 317741 - Last Review: July 7, 2008 - Revision: 3.1