Use HTACCESS to Remove SERVER_SOFTWARE from ServerVariables - .htaccess

I am trying to remove SERVER_SOFTWARE from ServerVariables for security / PCI Compliance. We are running IIS 8.5 on Win Server 2012 R2 Standard.
I saw this, but it is modifying web.config. Host header (SERVER:) and URL Rewrite
I tried using "Header unset SOFTWARE" but i dont think it's being called correctly and I cannot figure out the correct setup. We are using Helicon ISAPI_Rewrite version 3.1.
Can this be done via HTACCESS?
I also tried doing the URL_REWRITE per here: https://port135.com/change-remove-response-headers/ I added the RESPONSE_Server variable, but it's still showing SERVER_SOFTWARE = Microsoft-IIS/8.5
Thanks.

Looks like I fixed this. For anyone that finds this, I just removed everything and put it back in place manually in web.config as the FIRST item inside the system.webServer - it did NOT work using URL Rewrite. Note - i was trying to replace with "0", but that could have been part of the issue as well, not sure. This EXACT web.config text worked:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<outboundRules rewriteBeforeCache="true">
<rule name="Remove Server header">
<match serverVariable="RESPONSE_Server" pattern=".+" />
<action type="Rewrite" value="" />
</rule>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>

Related

IIS reroute just one site to Apache

I'm trying to figure out how to reroute just one of our sites from IIS to Apache. I've followed several online tutorials and posts and nothing is working. I keep getting:
I've read that I need to do a reverse proxy using the URL Rewrite feature of IIS. So I did that and here are my settings:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<httpRedirect enabled="false" destination="" />
<rewrite>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://localhost:8088/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Apache is on 8088 and if I hit localhost:8088, it works just fine. I've also added IUSR and IIS_IUSRS users to the directory permissions both having read and execute, list contents, and read permissions. I wouldn't think this would be that terribly hard.
When you need to rewrite IIS to apache, please remember to install ARR.
https://www.iis.net/downloads/microsoft/application-request-routing
Then please remember to enable Server node->application request routing cache->Server Proxy setting->Enable proxy.
Besides, could you access orchestrator.local without URL rewrite rule. Because, if this issue is caused by IIS, you should receive status code more than site can't be reached.

coldfusion IIS web.config for URL ReWrites getting 404 error

I have two separate websites on my server:
X:\Inetpub\wwwroot\MySite1\ and X:\Inetpub\wwwroot\MySite2.
I'm trying to set up some URL Rewrites, so I'm starting simple. I created a web.config file in X:\Inetpub\wwwroot\MySite1\web.config with the following code:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Contact" stopProcessing="true">
<match url="^contact$" />
<action type="Rewrite" url="/16_Contact.cfm" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
When someone enters the url "MySite1.com/contact", I want the browser to take them straight to "MySite1.com/16_Contact.cfm". But when I try it in a browser, I get a 404 error. I'm using an ancient version of Coldfusion (MX7), if that matters. Is there something obvious I'm missing?
It has been a while since I have used CF7, but I remember running into this issue, and it had something to do with the order in which CF and the rewrite module were added to the site in IIS.
First make sure your Coldfusion installation has the most recent patches, then try using the Web Server Configuration Tool that comes with Coldfusion to remove and re-add the Coldfusion modules/settings to your IIS site.

How can I get IIS to redirect to a virtual application if no path is specified?

My IIS setup has one site, bound to a domain. Let's call it: www.mydomain.com
The site folder itself is empty. This site hosts multiple applications and virtual directories. One of the applications is 'portal'.
What I want to do is accept any incoming request for www.mydomain.com or www.mydomain.com/ and redirect it to: www.mydomain.com/portal
I've got ARR and URL Rewrites up and running. I'm just not sure how to configure them for this.
A redirection rule like below will work.
Put the following web.config file to your web site's root folder. Or, update the existing one if you have.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="toPortal" stopProcessing="true">
<match url="^$" />
<action type="Redirect" url="/portal" redirectType="Found" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
You may want look at this tutorial to learn how to create url rewrite rules with IIS Manager. These xml nodes are not coming from my brain too.

URL Rewrite IIS - Map From One Path To Another

I am playing with URL rewrite in IIS 7
The behaviour I want is when someone types in
[http://localhost/Sales]
they get redirected to [http://localhost/SalesDemo]
but they still see [http://localhost/Sales] in the browser URL
Is this possible?
The best way to achieve that would be to use Rewrite Maps in URL Rewrite Module.
Alternatively you could add rewrite section to your web.config file.
Web.config example:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Rewrite rule">
<match url="^Sales$" />
<action type="Rewrite" url="SalesDemo" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Please note that the action type needs to be Rewrite (and not Redirect) if you still want to see /Sales in your browser.
I hope that will help.

Rewrite rules for response headers in IIS 7 (replacing the cookie path)

I have to port my web application from apache to IIS 7 and got into trouble with the proper configuration.
In the apache configuration, I configured some mod rewrite stuff (in order to communicate with an apache active mq) like this:
#Reverse-Proxy to ActiveMQ AJAX-Interface
ProxyPass /foo/bar/amq http://localhost:8161/foo/amq/
ProxyPassReverse /foo/bar/amq http://localhost:8161/foo/amq/
ProxyPassReverseCookiePath /foo /
I've tried to configure the IIS 7 by using ApplicationRequestRouting.
The rewrite rule in the request for replacing the /foo/bar to the localhost adress does already work, but I've some problems to define a rule for setting up the correct cookie path in the response.
I've already found an article about manipulating responses here.
For me, it looks like with II7 I can only manipulate the HTTP body of the response.
How can I manipulate the response header in a way to edit the cookie path?
The cookie path in the response header looks like this:
Set-Cookie: JSESSIONID=1lu7hn253csbh11jax27k2i072;Path=/foo
The Path should be edited to "Path=/".
Thank for your time and your help
Rolf
This should do it
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<outboundRules>
<remove name="Update Cookie Path" />
<rule name="Update Cookie Path">
<match serverVariable="RESPONSE_Set_Cookie" pattern="^(.*; path=/)foo$" />
<conditions />
<action type="Rewrite" value="{R:1}" />
</rule>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>
Check the more detailed reference.

Resources