7.6 Remove details of the IIS server

Edit the web.config file on these websites:

If the file does not exist, you must create it. If the file already exists, merge the additional changes below into the existing content.

Note: Older versions of MyID may contain a web service called CertificateCheck. You must make the same changes on this website if it exists.

Install URL Rewrite from Microsoft's iis.net website:

www.iis.net/downloads/microsoft/url-rewrite

7.6.1 Remove the Server header

<configuration>
  <system.webServer>
    <security>
      <requestFiltering removeServerHeader="true" />
    </security>
  </system.webServer>
</configuration>

7.6.2 Remove the X-Powered-By header

<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <remove name="X-Powered-By" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>

7.6.3 Remove the X-AspNet-Version header

<configuration>
  <system.webServer>
    <rewrite>
      <outboundRules>
        <rule name="Remove Server">
          <match serverVariable="RESPONSE_X_AspNet_Version" pattern=".*" />
          <action type="Rewrite" />
        </rule>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>
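
To confirm that the three changes in 7.6.1 to 7.6.3 have been merged into a site's web.config, a check along the following lines can be run against the file. This is an added example, not part of the MyID documentation; the function names and the sample file content are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a web.config with only the 7.6.1 and 7.6.2 changes merged in.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.webServer>
    <security>
      <requestFiltering removeServerHeader="true" />
    </security>
    <httpProtocol>
      <customHeaders>
        <remove name="X-Powered-By" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>"""

def audit_web_config(xml_text):
    """Map each header from 7.6.1-7.6.3 to True if its removal is configured."""
    results = {"Server": False, "X-Powered-By": False, "X-AspNet-Version": False}
    ws = ET.fromstring(xml_text).find("system.webServer")
    if ws is None:
        return results
    # 7.6.1: <requestFiltering removeServerHeader="true" />
    rf = ws.find("security/requestFiltering")
    if rf is not None:
        results["Server"] = rf.get("removeServerHeader", "").lower() == "true"
    # 7.6.2: <remove name="X-Powered-By" /> under customHeaders
    for rem in ws.findall("httpProtocol/customHeaders/remove"):
        if rem.get("name", "").lower() == "x-powered-by":
            results["X-Powered-By"] = True
    # 7.6.3: outbound rule rewriting RESPONSE_X_AspNet_Version to an empty value
    for rule in ws.findall("rewrite/outboundRules/rule"):
        match, action = rule.find("match"), rule.find("action")
        if match is None or action is None:
            continue
        if rule.get("enabled", "true").lower() == "false":
            continue  # a disabled rule does not remove anything
        if (match.get("serverVariable", "").lower() == "response_x_aspnet_version"
                and action.get("type", "").lower() == "rewrite"
                and action.get("value", "") == ""):
            results["X-AspNet-Version"] = True
    return results

def missing_settings(xml_text):
    """Return the sorted list of headers whose removal is not configured."""
    return sorted(h for h, ok in audit_web_config(xml_text).items() if not ok)

if __name__ == "__main__":
    print("Not configured:", missing_settings(SAMPLE_WEB_CONFIG))
```

The check only inspects the file it is given; settings inherited from a parent configuration are not considered.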

7.6.4 Recommendations

It is recommended that you set up IIS to prevent this information from being provided.