Remove Server header from IIS server

The purpose of this blog post is to discuss how to remove unwanted HTTP response headers from the response. Typically there are three response headers that many people want to remove for security reasons.

  • Server – Specifies web server version.
  • X-Powered-By – Indicates that the website is “powered by ASP.NET.”
  • X-AspNet-Version – Specifies the version of ASP.NET used.

Before you go any further, you should evaluate whether or not you need to remove these headers. If you have decided to remove these headers because of a security scan on your site, you may want to read the following blog post by David Wang.

http://blogs.msdn.com/b/david.wang/archive/2006/03/29/silly-security-scans.aspx

If you would like to go ahead and remove the headers, use the options below.

Server Header

There are three ways to remove the Server header from the response. The best one is to use the third option.

1. Using the Registry key.

Create a DWORD entry called DisableServerHeader in the following Registry key and set the value to 1.

HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters


After adding the Registry key, restart the HTTP service using the net stop http command and the net start http command. If the HTTP service doesn’t start up, then use the iisreset command. If that also doesn’t work, then you can restart the server.

Please note that this method is used only when the Server header comes as “Microsoft-HTTPAPI/2.0”.

When a request comes to IIS, it first goes to the HTTP.SYS driver. The HTTP.SYS driver either handles the request on its own or sends it to user mode for further processing. When the request goes to user mode, the response returns the Server header as “Microsoft-IIS/7.5”.

However, when the response is returned by the HTTP.SYS driver itself, the Server header comes as “Microsoft-HTTPAPI/2.0”. Setting the above registry key removes this specific header.

If you would like to remove the Server header “Microsoft-IIS/7.5”, then use the following methods.

2. Using the URLScan tool.

Install URLScan on your machine. It is available from the following link:

http://www.iis.net/downloads/microsoft/urlscan

After installing URLScan, open the URLScan.ini file, typically located in the %WINDIR%\System32\Inetsrv\URLscan folder. After opening it, search for the key RemoveServerHeader. By default it is set to 0, but to remove the Server header, change the value to 1. Doing so will remove the Server header Server: Microsoft-IIS/7.5 from the user-mode response.

Please note that changes made by URLScan at the global level apply to all of your sites. If you would like to set this up for a particular site, then look at the following article (site filter section):

http://www.iis.net/learn/extensions/working-with-urlscan/urlscan-setup

There are also some pitfalls to using URLScan. You can learn about those pitfalls at the following URL:

http://msdn.microsoft.com/en-us/library/ff648552.aspx#ht_urlscan_008

3. Using URLRewrite

If you don’t want to go with URLScan, you can use the URLRewrite module to remove the value of the Server header. Please note that it will not remove the header altogether, but it will remove its value.

Step 1. Install URLRewrite. To install the URLRewrite please go to the following link

http://www.iis.net/downloads/microsoft/url-rewrite

Step 2. Open the site on which you would like to remove the Server header and click on the URLRewrite section.

Step 3. Click on “View Server Variables” in the Actions pane on the right-hand side.

Step 4. Click on the Add button and then enter “RESPONSE_SERVER” in the textbox provided.

Step 5. Now we need to create an outbound rule. To learn how to create an outbound rule, look at the following link:

http://www.iis.net/learn/extensions/url-rewrite-module/creating-outbound-rules-for-url-rewrite-module

Step 6. Create an outbound rule as the following.

Please note that this is a website-specific rule. If you want to create the rule for all of your applications, create the rule at the server level. Also, some applications, especially third party applications, may require the Server header, so you may need to remove this rule for those applications.

X-Powered-By

There are two ways to remove this header as well. The second method is the preferred one.

1. Using IIS HTTP Response headers.

Open the site you would like to change and then click on the HTTP Response Headers option.

Click on the X-Powered-By header and then click Remove on the Actions pane to remove it from the response.

2. Using a URLRewrite rule.

Please note that it will not remove the header altogether, but it will remove its value.

Step 1. Install URLRewrite. To install the URLRewrite please go to the following link

http://www.iis.net/downloads/microsoft/url-rewrite

Step 2. Open the site on which you would like to remove the X-Powered-By header and click on the URLRewrite section.

Step 3. Click on “View Server Variables” in the Actions pane on the right-hand side.

Step 4. Click on the Add button and then enter “RESPONSE_X-POWERED-BY” in the textbox provided.

Step 5. Now we need to create an outbound rule. To learn how to create an outbound rule, look at the following link:

http://www.iis.net/learn/extensions/url-rewrite-module/creating-outbound-rules-for-url-rewrite-module

Step 6. Create an outbound rule as the following.

Please note that this is a website-specific rule. If you want to create the rule for all of your applications, create the rule at the server level. Also, some applications, especially third party applications, may require the x-powered-by header, so you may need to remove this rule for those applications.

X-AspNet-Version

There are two ways to remove this header as well. The preferred one is the first one.

1. Using the httpRuntime element.

Add the following line to your web.config in the <system.web> section:

<httpRuntime enableVersionHeader="false" />

2. Using a URLRewrite rule.

Please note that it will not remove the header altogether, but it will remove its value.

Step 1. Install URLRewrite. To install the URLRewrite please go to the following link

http://www.iis.net/downloads/microsoft/url-rewrite

Step 2. Open the site on which you would like to remove the X-AspNet-Version header and go to the URLRewrite section.

Step 3. Click on “View Server Variables” in the Actions pane on the right-hand side.

Step 4. Click on the Add button and then enter “RESPONSE_X-ASPNET-VERSION” in the textbox provided.

Step 5. Now we need to create an outbound rule. To learn how to create an outbound rule, look at the following link:

http://www.iis.net/learn/extensions/url-rewrite-module/creating-outbound-rules-for-url-rewrite-module

Step 6. Create an outbound rule as the following.

Please note that this is a website-specific rule. If you want to create the rule for all of your applications, create the rule at the server level. Also, some applications, especially third party applications, may require the x-aspnet-version header, so you may need to remove this rule for those applications.
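The three URLRewrite procedures above (Server, X-Powered-By, X-AspNet-Version) each end in an outbound rule whose screenshot is not reproduced here. As an added example, not the original post's own rule, this is one way to express those rules in a site's web.config; the rule names and the `.+` pattern are assumptions, while the server variable names are the ones entered in the steps above.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example: site-level web.config fragment.
     Rule names are made up for illustration. -->
<configuration>
  <system.webServer>
    <rewrite>
      <outboundRules>
        <!-- Each rule matches any non-empty value of one response header
             and rewrites it to an empty string. The header name is still
             sent, but its value is not. A header that is absent does not
             match ".+", so no empty header is added. -->
        <rule name="Blank Server header">
          <match serverVariable="RESPONSE_SERVER" pattern=".+" />
          <action type="Rewrite" value="" />
        </rule>
        <rule name="Blank X-Powered-By header">
          <match serverVariable="RESPONSE_X-POWERED-BY" pattern=".+" />
          <action type="Rewrite" value="" />
        </rule>
        <rule name="Blank X-AspNet-Version header">
          <match serverVariable="RESPONSE_X-ASPNET-VERSION" pattern=".+" />
          <action type="Rewrite" value="" />
        </rule>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>
```

Responses that HTTP.SYS generates itself (Server: Microsoft-HTTPAPI/2.0) never reach user mode, so these rules do not touch them; the DisableServerHeader registry value covers that case.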

Posted in Uncategorized | Leave a comment

Making an exception in a dynamic group, Exchange 2010

New-DynamicDistributionGroup -Name "name" -OrganizationalUnit Users -RecipientFilter {((RecipientType -eq 'UserMailbox') -and -not(Name -like 'first and last name of the user you want to keep out of the group'))}

Configure CO IPTV on Mikrotik router

Here I want to briefly describe how to configure a Mikrotik router so that it takes over the function of the switch that Caucasus installs separately during IPTV installation. This is an example on the Mikrotik RB951G, although as far as I know all of this can be done the same way on other models.

Please note that this is only part of the full configuration. That is, only the steps needed to get IPTV working are given here.

First, we assign the computer a static IP address (any address; I used 1.1.1.1) and a Subnet Mask (255.255.255.0), and connect to the device with an Ethernet cable.

Then we open winbox and connect to the router.

If you do not see the MAC address in the list, temporarily “disable firewall”.

After this, it is recommended to reset the configuration that is already on the device.

To do this, we reset the router via System > Reset Configuration.

After the reboot we connect again and the following message appears:

We click Remove Configuration.

After our router reboots once more, we go to Bridge > + and create a new bridge; in my case I named it LAN.

Then we go to Ports and add the ports that we will use for the internal network (that is, here we add everything except the WAN and IPTV ports).

With this I specified that for the internal network I want to use the following ports: ethernet2, ethernet3, ethernet4 and, of course, wlan1 (wifi).

I will use ethernet1 as the WAN port, and ethernet5 for IPTV.

After this we go to Interfaces > ethernet5 and make the following change:

After all this, we already have IPTV.

What remains is the internet and wifi, for which there are plenty of configuration instructions on the internet.

How to enable SSL on Apache Suse and Convert pfx

https://www.suse.com/documentation/sles11/book_sle_admin/data/sec_apache2_ssl.html

 

Convert a pfx for Linux SSL certificates. The -nodes option writes name.key without a passphrase, so restrict that file's permissions.

openssl pkcs12 -in name.pfx -clcerts -nokeys -out name.cer

openssl pkcs12 -in name.pfx -nocerts -nodes -out name.key


Fail to Clean up the Source Mailbox After the Mailbox Move


Problem description:
=================
Fail to clean up the source mailbox after the mailbox move (Exchange 2010). I was running out of hard drive space on the virtual hard drives that contained the Exchange databases. The easy solution would be to increase the size, which I ended up doing anyway. But I found this issue: it so happens that after I moved the mailboxes to a different database from the Exchange Management control, neither was the Available New Mailbox Space increasing nor was I recuperating the hard drive space lost. The message I was receiving after the transfer was “ Warning: Failed to clean up the source mailbox after the move. Error details : Mapi Exception Unexpected Mailbox State: Unable to delete mailbox”. In investigating the issue, I found out that I had more stubs lingering from previous moves.

Solution
========================

  1. Clean stub mailbox manually

$aa=Get-MailboxStatistics -Database DB1| where {$_.DisconnectReason -eq "SoftDeleted"}

$aa | foreach {Remove-StoreMailbox -Database $_.database -Identity $_.mailboxguid -MailboxState SoftDeleted}

In general, in my troubleshooting with MS, they explained that when the stub mailboxes are manually or automatically removed, the available new mailbox space becomes available for new data to be written without growing the size of the edb file. But the edb file will not shrink, and only after the white space is filled will the edb file size increase, requiring of course more space from the hard drive.

So, if you want to reclaim the space, there are two ways:

  • Create a new mailbox database and move all the mailboxes to that database (time consuming)
  • Perform an offline defrag of the existing database to shrink the file (downtime)

In addition, I was advised to install the Rollups, which I already had, on all of my Exchange servers in the following order:

  1. Client Access server
  2. Hub Transport server
  3. Unified Messaging server
  4. Mailbox server

  Helpful Commands:
==================  
To get users mailbox list in an Exchange Database.
[PS] > Get-MailboxDatabase "DB1" | Get-MailboxStatistics | Sort totalitemsize -desc | ft displayname, totalitemsize, itemcount

To view the available white space of the Exchange databases.
[PS] >Get-MailboxDatabase -Status | Sort-Object DatabaseSize -Descending | Format-Table Name, DatabaseSize, AvailableNewMailboxSpace

To view SoftDeleted mailboxes
[PS] >Get-MailboxStatistics -Database DB1| Where { $_.DisconnectReason -eq "SoftDeleted" } | Format-List LegacyDN, DisplayName, MailboxGUID,DisconnectReason

Selecting the SoftDeleted mailbox using the MailboxGUID and removing the selected SoftDeleted mailbox
[PS] >$mb= Get-MailboxStatistics -Database DB1 | where {$_.MailboxGuid -like "########-####-####-####-############"}
[PS] >Remove-StoreMailbox -Database $mb.database -Identity $mb.mailboxguid -MailboxState softDeleted

Selecting all the soft deleted mailboxes
[PS] >$mbs= Get-MailboxStatistics -Database DB1 | where {$_.DisconnectReason -eq "SoftDeleted"}
[PS] >$mbs| foreach {Remove-StoreMailbox -Database $_.database -Identity $_.mailboxguid -MailboxState SoftDeleted}


How To Detect a New Hard Disk Without Rebooting VMware Linux Guest

In this how to, I assume you have already added in a new hard disk in your VMware Linux guest machine. You can detect the new hard disk or rescan entire SCSI bus without rebooting the VMware Linux guest. This how to has been tested on VMware ESXi 5.0 and CentOS 5.8 as the Linux guest.

 

Below image shown is a new hard disk add: –

Below image shown is output of “fdisk -l” before the new hard disk is added: –

Now, once the new hard disk is added, type the magic oneliner command below to detect the new hard disk or rescan the SCSI bus: –

ls /sys/class/scsi_host/ | while read host ; do echo "- - -" > /sys/class/scsi_host/$host/scan ; done

Below image shown is output of “fdisk -l” after the new hard disk is added and oneliner command above is run: –

You will see a new disk /dev/sdd as above. You can also verify the new hard disk using dmesg output as below: –


Restore Deleted Computer Account using AD Recycle Bin


Posted on May 28, 2011 by falsufyani

Recently I ran into a situation where the Exchange 2007 CCR virtual cluster name had been deleted for no known reason. I tried to figure out the root cause but had no luck. So I decided to restore the deleted object using the AD Recycle Bin, since we are running AD 2008 R2.

The first step in this process is to use the ldp.exe utility to ensure that the object is still in the Deleted Objects container. To do so, follow these steps:

To display the Deleted Objects container

To open Ldp.exe, click Start, click Run, and then type ldp.exe.

On the Options menu, click Controls.

In the Controls dialog box, expand the Load Predefined pull-down menu, click Return deleted objects, and then click OK.

To verify that the Deleted Objects container is displayed:

To connect and bind to the server that hosts the forest root domain of your AD DS environment, under Connections, click Connect, and then Bind.

Click View, click Tree, and in BaseDN, type DC=<mydomain>,DC=<com>, where <mydomain> and <com> represent the appropriate forest root domain name of your AD DS environment.

In the console tree, double-click the root distinguished name (also known as DN) and locate the CN=Deleted Objects, DC=<mydomain>,DC=<com> container, where <mydomain> and <com> represent the appropriate forest root domain name of your AD DS environment.

After confirming that the object was there, I switched to PowerShell to restore it. I think it is much easier if you know the required parameters. Here is how to do so:

Click Start, click Administrative Tools, right-click Active Directory Module for Windows PowerShell, and then click Run as administrator.

At the Active Directory module for Windows PowerShell command prompt, type the following command, and then press ENTER:

Get-ADObject -SearchBase "CN=Deleted Objects,DC=contoso,DC=com" -ldapFilter:"(msDs-lastKnownRDN=Mary)" -IncludeDeletedObjects -Properties lastKnownParent

All you need is the ObjectGUID as a parameter to use in PowerShell to restore the object. Here is the command:

Get-ADObject -Filter {ObjectGUID -eq "a1b38d67-6762-4d46-88f4-bf6d220303e6"} -IncludeDeletedObjects | Restore-ADObject

You should find this object restored in Active Directory Users and Computers, in the original location it had before it was deleted.


How to enable Battery Remaining Time on KDE

If, like me, you miss the battery remaining time after moving from Gnome to KDE, you can enable it by adding a widget: use the “add widgets” -> “get new widgets” option and search for “Enhanced battery monitor”.

Renew Fim cm agent certificate

1. Ran the certificate mmc as the clmAgent user.
2. Right-clicked on the expired certificate and selected “Request new certificate using same key”.
3. Backed up the web.config file, then put the thumbprint from the new certificate in the 3 locations (note: the thumbprint is not the same as the certificate I renewed from).

The 3 locations are
add key="Clm.SigningCertificate.Hash"
add key="Clm.ValidSigningCertificates.Hashes"
add key="Clm.SmartCard.ExchangeCertificate.Hash"

4. IIS reset.


Exchange 2013 and Edge

On the Edge Server

New-EdgeSubscription -FileName "C:\EdgeSubscriptionInfo.xml"

On Exchange 2013 Server

New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "C:\EdgeSubscriptionInfo.xml" -ReadCount 0 -Encoding Byte)) -Site "Default-First-Site-Name" -CreateInternetSendConnector $true -CreateInboundSendConnector $true