Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Preventing Control Manager / Apex Central discloses server and ASP version used in the headers

    • Updated:
    • 15 May 2019
    • Product/Version:
    • Apex Central 2019.All
    • Apex Central All.All
    • Control Manager 7.0
    • Platform:
    • N/A N/A
Summary

This article discusses how to harden TMCM or Apex Central, and prevent it from disclosing server/ASP version information in the headers.

Details
Public

TMCM/Apex Central can be hardened through the use of the URL Rewrite module of IIS, since TMCM/Apex Central was built on IIS. To install and use the URL Rewrite module, follow the steps below:

  1. Download and install URL rewrite module.
  2. Open the site on which you would like (in this case, choose Control Manager/Apex Central web site) to hide the X-AspNet-Version and server header values and click on the URLRewrite section.

    URL Rewrite

  3. Click on the View Server Variables in the Actions pane in the right-hand side.
  4. In the View Server Variables page, do the following:
    1. Click on the Add button, and then enter "RESPONSE_X-ASPNET-VERSION" in the textbox provided.
    2. Click on the Add button, and then enter "RESPONSE_SERVER" in the textbox provided.

    Server Variables

  5. Add two rules:
    1. Click Add Rule(s) and choose Outbound rules > Blank rule. Then set the following:
      • "Precondition" as "None"
      • "Matching scope" as "Server Variable"
      • "Variable name" as "RESPONSE_X-ASPNET-VERSION"
      • "Using" as "Regular Expressions"
      • "Pattern" as ".*"

      Outbound Rule - ASP Version

    2. Apply the rule.
    3. Click Add Rule(s) and choose Outbound rules > Blank rule. Then set the following:
      • "Precondition" as "None"
      • "Matching scope" as "Server Variable"
      • "Variable name" as "RESPONSE_SERVER"
      • "Using" as "Regular Expressions"
      • "Pattern" as ".*"

      Outbound Rule - Server Version

    4. Apply the rule.
Premium
Test Now
Internal
Rating:
Category:
Configure
Solution Id:
1122663
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.