This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 97%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHN%3C/text%3E%3C/svg%3E)
How do I disable ASP.NET - Version Disclosure Issue in Windows 2019 (Used with RD gateway portal)? If I remove the X-Powered-By ASP.NET http response headers in IIS the RD Gateway website no longer works.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 81%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
This is not a vulnerability but this is an expected behavior.
You won't need to remove it, you could replace it with other value.
Thanks but can you please explain further? Can I change the value ASP.NET to anything let's say "XXXXX"?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 24%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESW%3C/text%3E%3C/svg%3E)
Apply the following changes to your web.config file to prevent information leakage by using custom error pages and removing X-AspNet-Version from HTTP responses.
<System.Web>
<httpRuntime enableVersionHeader="false" />
</customErrors>
</System.Web>
If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
This is not working. I've rebooted it after applying it to the web.config file.
I get 500 - Internal server error.
There is a problem with the resource you are looking for, and it cannot be displayed.
I just want to be clear this is for Windows 2019 with IIS 10.
@Henry Niekoop As far as I know, the ways to disable ASP.NET-Version Disclosure are the two mentioned in this topic. I suggest you solve the problem based on this 500 error.
If I remove the X-Powered-By ASP.NET http response headers in IIS the RD Gateway website no longer works.
Is this what you removed? What if you remove it at the server level instead of the site level?
What error do you get when it "no longer works"?
Yes, that is what I removed. At the server level. I forgot the exact error but the site was no longer working.
What about changing the value from ASP.NET to something meaningless like XXXXX or MVS\CICS.