0

In HTTP response I see some server headers that I need to filter at IIS level using Powershell. I know how to remove custom headers but I can't find a way to remove server headers.

Headers that I see in response.. Server type : XXXXXX Server version : XXXXXX Source : XXXXX Additional data : XXXXXX

This post explains how to remove custom headers and it works for me but I can't seem to find a way to rmeove server headers using powershell. How do I remove IIS custom header using Powershell?

SCH
  • 5
  • 2
  • 6

1 Answers1

2

Accoding to your description, I suggest you could try to use below powershell command to remove the IIS http response server header:

Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST/Default Web Site'  -filter "system.webServer/security/requestFiltering" -name "removeServerHeader" -value "True"
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST'  -filter "system.webServer/security/requestFiltering" -name "removeServerHeader" -value "True"

Notice:

The first being for the Default Web Site and the second will remove it from all web sites running on the server.

This is only worked from IIS10. If you use IIS8 or below, you could only use url rewrite to achieve your requirement.

Result:

enter image description here

Brando Zhang
  • 22,586
  • 6
  • 37
  • 65
  • This doesn't work for me for IIS10. I can execute the command but even after restarting this IIS I see server header in response. – SCH Jun 19 '19 at 21:41
  • Could you please tell me the details information about your server environment? I have run the powershell command on my server 2019 and it works well. I suggest you could try to use "Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/security/requestFiltering" -name "removeServerHeader" -value "True" " this command and try again. – Brando Zhang Jun 20 '19 at 01:35
  • I looked at Windows 2016 and 2019, both versions have this variable. I ran just the second command on both. Before the change, I see a Server header in the response. After the change it is gone from both versions. Server 2012 R2 did not have this setting, so it appears to work on Windows 2016 and later. – Prof Von Lemongargle Sep 05 '19 at 17:18