I have hosted .Net application on IIS and want to hide IIS version from response header. It is working for dot net files with below steps,
Open the IIS Manager.
Select the Orion website.
3.Select "HTTP Response Headers"
Select the "X-AspNet-Version" HTTP header and select "Remove".
But not working for Jquery.js file
Please help with solution to hide IIS server information ("Server: Microsoft-IIS/10.0")
You could try to refer to the steps below that may help you disable the Server header.
Select the site in the IIS.
Go to Configuration Editor.
Set Remove Server Header to True.
Restart the site in the IIS.
Visit the site in the browser and see whether it removed the Server header.
Related
I try to make static content compression work for IIS but it's not working. I'm using Windows Server 2012 R2 Standard, and IIS 8.5.9600.16384.
I installed both static and dynamic content compression, and as you can see both are checked:
Also I went to configuration editor, and there I can see that JavaScript should be compressed:
But still I get no Content-Encoding HTTP header field in my response. What should I do?
Could you get dynamic compression work when you deploy a simple webform application in new IIS site?
As Lex said, Enable Failed request tracing would be the best way to troubleshooting this issue.
1.Install failed request tracing in add role and feature->Web Server->health and diagnostics->tracing
2.Open IIS manager->go to your site node->failed request tracing->add..->all content->status code 200->ensure WWW Server/compression has been checked->finish.
3.Edite site tracing->Enable
4.Open log file in C:\inetpub\logs\FailedReqLogFiles\W3SVC and check dynamic compression procedure.
https://blogs.msdn.microsoft.com/benjaminperkins/2016/06/15/lab-4-install-and-configure-failed-request-tracing/
I was getting "HTTP 403 error Microsoft Edge can’t get to this page", while launching an application from IIS in Windows 10. Please suggest a solution for this.
thanks
If all permissions are set and even though your website shows 403 forbidden, most likely the default page is not set for your website. With IIS, you can configure the default document as follows.
Connect to IIS.
Expand the sites and select the desired website.
From right hand side feature view, click on Default Document.
Set your desire default page and save the settings.
While you browse any website, IIS searches for the default page to be displayed. If the first default document is not available, IIS will look for the next default page from the list. When IIS is unable to find any match and directory listing is enabled for that particular website, IIS will show you the list of folders. If directory listing is disabled, IIS will return an HTTP Error 403 - Forbidden message to the browser.
If an empty application gives you a 403 I can think of two immediate reasons.
The permissions are wrong. You might need to give the application pool user (IIS AppPool\NAMEOFAPPPOOL with recommended configuration) read permission to the directory.
You don't have any content. If you try to access a directory in IIS you will get a 403. Add a file and try to access that directly, or a Default.aspx or index.html file to the directory you're trying to access.
My setup:
Windows Server 2012
IIS 8.5
SharePoint 2013
The SharePoint site is configured to requeire client certificate. If the user has no valid certificate or the password was wrong IIS returns error code 403 in response header. I would like IIS to return a custom error page instead where I could guide the user how to fix the issue.
There are just to many options where I can configure error pages. Which is the right one?
In IIS I have three possible sites to configure.
Default Web Site
My web application
My web aplication port 443
Custom errors in web.config
Error Pages in IIS
.Net Error Pages in IIS
I have tried some of these options but with no success. Can anybody help me?
Just edit the web.config file in your Visual Studio solution, modify the customErrors section and then check the file into Github to trigger a new deployment.
If you don't use VS, then find your web.config file. Worst case scenario you can edit it directly.
I had created a simple portal site for our internal users, just a CSS menu with our internal web services which then displayed in an iFrame. Worked well so far.
Our helpdesk software was GLPI running on APACHE on the same server and had no issues. We recently upgraded to the latest version and in the meantime I moved it to our new web apps server and switched to IIS. The 'portal' is still hosted on the old server.
When I updated the javascript for the iFrame to point to the new address, it looked like it worked, I could get the login screen for GLPI. After logging in however I just get stuck at a white screen. If I try it in IE I get the message:
This content cannot be displayed in a frame
To help protect the security of information you enter into this website, the publisher of this content does not allow it to be
displayed in a frame.
What you can try:
Open this content in a new window
It doesn't seem to be the iFrame itself as I can get the login page.
My question is, can anyone give me some ideas on where to look at this issue? I've checked the IIS logs on both sides and see no errors, GLPI reports no errors, neither does PHP.
GLPI is on IIS 8 on Server 2012
The 'portal' is on IIS 6 on server 2003
GLPI running on PHP 5.3.0
EDIT: I've looked into the X-FRAME issue and I'm pretty sure this is not it, servers are on the same domain and I am able to get to the login screen of the second server through the iFrame, just no content after that. If it was an issue with the frame or permissions I would expect to not get to the site at all?
The only header response currently in IIS is 'X-Powered-By --> ASP.NET' am I looking in the wrong spot?
The server is returning an X-Frame-Options header used to prevent ClickJacking. That header must be removed (or updated with an Allow-From directive that lists the framing page's origin) in order for the target page to be rendered as a subframe.
I'm not sure if this was a change in IIS 7 or if someone before me actively removed X-Server from the HTTP response headers but I need to be able to tell which server in the farm served the current page. I don't see X-Server in the custom variables section of IIS but I'm not sure if it was a custom variable in the first place or if it's in the defaults and it's been disabled via web.config. How do I get my headers back?
You can use custom headers (http://www.iis.net/ConfigReference/system.webServer/httpProtocol/customHeaders) to add any header you like.