Views:

TMCM/Apex Central can be hardened through the use of the URL Rewrite module of IIS, since TMCM/Apex Central was built on IIS. To install and use the URL Rewrite module, follow the steps below:

  1. Download and install URL rewrite module.
  2. Open the site on which you would like (in this case, choose Control Manager/Apex Central web site) to hide the X-AspNet-Version and server header values and click on the URLRewrite section.

    URL Rewrite

  3. Click on the View Server Variables in the Actions pane in the right-hand side.
  4. In the View Server Variables page, do the following:
    1. Click on the Add button, and then enter "RESPONSE_X-ASPNET-VERSION" in the textbox provided.
    2. Click on the Add button, and then enter "RESPONSE_SERVER" in the textbox provided.

    Server Variables

  5. Add two rules:
    1. Click Add Rule(s) and choose Outbound rules > Blank rule. Then set the following:
      • "Precondition" as "None"
      • "Matching scope" as "Server Variable"
      • "Variable name" as "RESPONSE_X-ASPNET-VERSION"
      • "Using" as "Regular Expressions"
      • "Pattern" as ".*"

      Outbound Rule - ASP Version

    2. Apply the rule.
    3. Click Add Rule(s) and choose Outbound rules > Blank rule. Then set the following:
      • "Precondition" as "None"
      • "Matching scope" as "Server Variable"
      • "Variable name" as "RESPONSE_SERVER"
      • "Using" as "Regular Expressions"
      • "Pattern" as ".*"

      Outbound Rule - Server Version

    4. Apply the rule.
Keywords: headers are displaying the server version,aps version displayed in header,avoid disclosing server info in header,prevent display of asp version in header