Does that work? We just bought IISmask from www.port80.com software not so long ago to remove the headers form IIS. Can UrlScan do the same thing....for free?
Brook Davies logiforms.com At 02:44 PM 2/11/2003 -0500, you wrote: > > Others say you have to change the "RemoveServerHeader" > > and "AlternateServerName" attributes. > >I don't know why anyone would say you have to change those, but you might >want to. By doing that, your server will not report itself as IIS; you >could, for example, have it report itself as "DaveWWW Server". By itself, of >course, this won't lessen your server's vulnerability, just the likelihood >that someone will use IIS-specific attacks against it. > >Dave Watts, CTO, Fig Leaf Software >http://www.figleaf.com/ >voice: (202) 797-5496 >fax: (202) 797-5444 > > ______________________________________________________________________ Get the mailserver that powers this list at http://www.coolfusion.com ------------------------------------------------------------------------------ To unsubscribe, send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body or visit the list page at www.houseoffusion.com
