Our compliance department wants us to remove the 'Server' header when someone hits our server via IP address. I don't know how to accomplish that, can someone help? To be clear, I know how to do this on a website we are hosting (e.g. www.example.com) I can configure IIS to return the following headers:
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Location: https://www.example.com/
Date: Fri, 25 Aug 2023 22:09:08 GMT
But if my site www.example.com is at IP address 1.2.3.4 then when I call http://1.2.3.4 I currently get the following headers back.
HTTP/1.1 404 Not Found
Content-Length: 315
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Fri, 25 Aug 2023 22:11:43 GMT
Connection: close
The problem I'm likely having is because 1.2.3.4 is not bound to any site IIS is defaulting to something else. Any ideas?
