Application Request Routing and Server Headers "X-Powered-By: ARR/2.5"
Today I would like to talk about the headers that you get if you utilise Application Request Routing in your environment.
What is Application Request Routing?
If you haven’t used this IIS Extension then you’re in for a treat.
It’s a useful way of allowing you to define how your Web server environment will scale and handle requests.
It also allows you to build a Content Delivery Network and place your content on the edge of your network if needed.
https://www.iis.net/downloads/microsoft/application-request-routing has more on this and it also introduces by saying the following.
”IIS Application Request Routing (ARR) 2.5 enables Web server administrators, hosting providers, and Content Delivery Networks (CDNs) to increase Web application scalability and reliability through rule-based routing, client and host name affinity, load balancing of HTTP server requests, and distributed disk caching.”
When you configure Application Request Routing you will notice that it will send a header back in the request "X-Powered-By: ARR/2.5".
In your environment you might not want to send this header so there are a couple of different ways to remove.
How you remove it will depend on how you are using ARR.
ARR allows you to forward your HTTP Requests in two ways.
1) Reverse Proxy allows you to say that requests for www.contoso.com should be forwarded onto a different Web Server in your environment.
2) Web Farm Routing allows you to forward requests for www.contoso.com to a number of origin servers in your environment.
Here’s how to remove the header in each of those scenarios.
Removing the header in the reverse Proxy scenario.
Using AppCmd.exe disable the response header.
“appcmd.exe set config -section:system.webServer/proxy /arrResponseHeader:"False" /commit:apphost”
Removing the header in the Web Farm Scenario.
If you have a Web Farm called “Test1234” like I do then you can again use AppCmd.exe to disable the header.
”appcmd.exe set config -section:webFarms /[name='Test1234'].applicationRequestRouting.protocol.arrResponseHeader:"False" /commit:apphost”
How to verify that these are the right elements you should be editing.
The schema for ARR is in the C:\Windows\system32\inetsrv\config\schema\arr_schema.xml file.
If you look at this file you will see that this describes where the responseHeader elements reside.