This is not a vulnerability but this is an expected behavior.
You won't need to remove it, you could replace it with other value.
ASP.NET - Version Disclosure Issue vulnerability Windows 2019
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 97%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHN%3C/text%3E%3C/svg%3E)
Henry Niekoop
86
Reputation points
How do I disable ASP.NET - Version Disclosure Issue in Windows 2019 (Used with RD gateway portal)? If I remove the X-Powered-By ASP.NET http response headers in IIS the RD Gateway website no longer works.
Windows development | Internet Information Services
5 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 81%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
Reza-Ameri 45,816 Reputation points Volunteer Moderator2021-05-04T14:56:05.513+00:00 -
Henry Niekoop 86 Reputation points
2021-05-05T14:07:04.737+00:00 Yes, that is what I removed. At the server level. I forgot the exact error but the site was no longer working.
-
MotoX80 37,686 Reputation points2021-05-05T15:56:33.883+00:00 What about changing the value from ASP.NET to something meaningless like XXXXX or MVS\CICS.
Sign in to comment -
-
MotoX80 37,686 Reputation points
2021-05-05T14:04:33.027+00:00 If I remove the X-Powered-By ASP.NET http response headers in IIS the RD Gateway website no longer works.
Is this what you removed? What if you remove it at the server level instead of the site level?
What error do you get when it "no longer works"?
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 24%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESW%3C/text%3E%3C/svg%3E)
Sam Wu-MSFT 7,571 Reputation points Microsoft External Staff2021-05-05T05:52:08.017+00:00 Apply the following changes to your web.config file to prevent information leakage by using custom error pages and removing X-AspNet-Version from HTTP responses.
<System.Web> <httpRuntime enableVersionHeader="false" /> </customErrors> </System.Web>
If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
-
Henry Niekoop 86 Reputation points
2021-05-05T13:51:11.033+00:00 This is not working. I've rebooted it after applying it to the web.config file.
I get 500 - Internal server error.
There is a problem with the resource you are looking for, and it cannot be displayed.I just want to be clear this is for Windows 2019 with IIS 10.
-
Sam Wu-MSFT 7,571 Reputation points Microsoft External Staff
2021-05-07T06:51:31.29+00:00 @Henry Niekoop As far as I know, the ways to disable ASP.NET-Version Disclosure are the two mentioned in this topic. I suggest you solve the problem based on this 500 error.
Sign in to comment -
-
Henry Niekoop 86 Reputation points
2021-05-04T15:03:27.027+00:00 Thanks but can you please explain further? Can I change the value ASP.NET to anything let's say "XXXXX"?