khadem1386 Posted September 1, 2011

My site is based on ASP3. I got a notice about the security of my site:

--Information Leakage--

Description: Your site's web server discloses version numbers and architecture information within the HTTP response headers. The following HTTP headers are attached to every HTTP response from your site's application. This information helps an attacker profile the application architecture of your site and may point towards existing vulnerabilities.

Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

And you must: Remove identifying information from the HTTP response headers.

Is there any code in ASP3 to manage the number and type of my HTTP response headers? Or is this set only by IIS? I am using a shared server.

Thank you very much for your help.
justsomeguy Posted September 1, 2011

Those are settings on the server and ASP. You can't write code to stop the server from sending headers, you can only tell it to send them. You may be able to overwrite those headers with other values, and if you do that the server may see you sending headers with the same name and will use your headers instead of sending its own.
khadem1386 Posted September 2, 2011

> You may be able to overwrite those headers with other values

Could you please write some code as an example? Is this right?

Response.AddHeader "AUTH_PASSWORD","XXX"

What headers are important to avoid hacking and improve security?

> and if you do that the server may see you sending headers

On the other hand, you use "MAY" in your sentences. Is your meaning "perhaps" and "maybe"? Did you try it before?

And what about if I could use ASP.NET?

Thank you very much.
justsomeguy Posted September 2, 2011

Have ASP send headers called Server and X-Powered-By, and set them to some nonsense value. The server may see that you've sent those headers, and it won't replace them with its own. I say it "may" because I haven't tried that with ASP or ASP.NET, so I don't know how the server will behave. As long as you're not sending any sensitive information in headers they don't matter in terms of hacking and security.
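Whether an override like the one discussed above replaces the server's header or is merely sent alongside it can be checked from the response itself. The following is an added example, not code from the thread: it audits a raw HTTP response head for the two headers named in the notice and reports both identifying values and duplicated headers. The function names and the three sample responses are constructed for illustration; capturing a real response from your own site is assumed to happen elsewhere.

```python
import re

WATCHED = ("server", "x-powered-by")  # the two headers named in the notice
# Identifying value: a "product/version" token or a known product name.
IDENTIFYING = re.compile(r"[A-Za-z][\w.-]*/\d|iis|asp\.net", re.I)

def parse_headers(raw):
    """Return [(name, value)] from a raw HTTP response head, keeping duplicates."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs

def audit(raw):
    """List findings: identifying values, and watched headers sent more than once."""
    findings, seen = [], {}
    for name, value in parse_headers(raw):
        key = name.lower()
        if key not in WATCHED:
            continue
        seen.setdefault(key, []).append(value)
        if IDENTIFYING.search(value):
            findings.append(f"{key}: {value!r} identifies the platform")
    for key, values in seen.items():
        if len(values) > 1:
            findings.append(f"{key}: sent {len(values)} times, override was appended not replaced")
    return findings

def response(*headers):
    """Build a constructed raw response head for the demo."""
    return "\r\n".join(("HTTP/1.1 200 OK",) + headers + ("Content-Type: text/html", "", ""))

# Constructed samples: default response, override appended, override honoured.
DEFAULT = response("Server: Microsoft-IIS/6.0", "X-Powered-By: ASP.NET")
APPENDED = response("Server: x", "X-Powered-By: x",
                    "Server: Microsoft-IIS/6.0", "X-Powered-By: ASP.NET")
REPLACED = response("Server: x", "X-Powered-By: x")

if __name__ == "__main__":
    for label, raw in (("default", DEFAULT), ("appended", APPENDED), ("replaced", REPLACED)):
        print(label, audit(raw) or "no identifying headers")
```

An empty result for a real response means the scanner's finding is resolved; a "sent 2 times" finding means the nonsense value was added but the original header is still disclosed.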
Archived
This topic is now archived and is closed to further replies.