> Others say you have to change the "RemoveServerHeader" > and "AlternateServerName" attributes.
I don't know why anyone would say you have to change those, but you might want to. By doing that, your server will not report itself as IIS; you could, for example, have it report itself as "DaveWWW Server". By itself, of course, this won't lessen your server's vulnerability, just the likelihood that someone will use IIS-specific attacks against it. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ______________________________________________________________________ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm ------------------------------------------------------------------------------ To unsubscribe, send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body or visit the list page at www.houseoffusion.com
