How to remove the default WCF service page?

Scott S 1 Reputation point
2022-04-04T18:26:24.43+00:00

I have a WCF service hosted on IIS. This service is strictly for use by a thick client application. I am attempting to harden the site to limit hacking and following suggestions online have managed to remove and add headers as need to hide the fact it is IIS, ASP.NET, etc. BUT, I can't seem to find a way to eliminate the "help" page you get when you open the service url in a browser. That is the page that has the blue banner across the top with the word "Service" then the next line reads "This is a Windows© Communication Foundation service." and much more.
Yes, I understand there is nothing on the screen the divulges any service information, but the fact it presents this telling the caller it is WCF is information that might be leveraged.

How do I get this page to NOT show? And I mean without implementing a metadata endpoint because I do not want anything shown about the service.

Internet Information Services
.NET
.NET
Microsoft Technologies based on the .NET software framework.
3,549 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Lan Huang-MSFT 28,126 Reputation points Microsoft Vendor
    2022-04-05T02:07:20.497+00:00

    Hi @Scott S ,
    You can try setting http(s)HelpPageEnabled to false and http(s)GetEnabled to false in Web.config and remove the metadata endpoint before deploying.
    ServiceDebugBehavior.HttpHelpPageEnabled property: Gets or sets a value that controls whether WCF publishes an HTML help page at the address controlled by the HttpHelpPageUrl property.
    Example:

    <system.serviceModel>  
          <behaviors>  
             <serviceBehaviors>  
                <behavior>  
                   <serviceMetadata httpGetEnabled="false"  httpsGetEnabled="false"/>  
                   <serviceDebug httpHelpPageEnabled="false" httpsHelpPageEnabled="false"/>  
                </behavior>  
             </serviceBehaviors>  
          </behaviors>  
        </system.serviceModel>  
    

    Disable endpoint

    <!--   
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />  
    -->  
    

    Best regards,
    Lan Huang


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments