Your security department wants you to do this to make the server type harder to identify. This may lessen the barrage of automated hacking tools and make it more difficult for people to break into the server.
Within IIS, open the web site properties, then go to the HTTP Headers tab. Most of the X- headers can be found and removed here. This can be done for individual sites, or for the entire server (modify the properties for the Web Sites object in the tree).
For the Server header, on IIS6 you can use Microsoft's URLScan tool to remove that. Port 80 Software also makes a product called ServerMask that will take care of that, and a lot more, for you.
For IIS7 (and higher), you can use the URL Rewrite Module to rewrite the Server header or blank its value. In web.config (at a site or the server as a whole), add this content after the URL Rewrite Module has been installed:
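    <!-- Place inside the <system.webServer> section of web.config -->
    <rewrite>
      <outboundRules rewriteBeforeCache="true">
        <!-- Matches any non-empty Server response header and blanks its value -->
        <rule name="Remove Server header">
          <match serverVariable="RESPONSE_Server" pattern=".+" />
          <action type="Rewrite" value="" />
        </rule>
      </outboundRules>
    </rewrite>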
You can put a custom value into the rewrite action if you'd like. This sample was sourced from this article, which also has other great information.
For the MVC header, in Global.asax:
MvcHandler.DisableMvcResponseHeader = true;
Edited 11-12-2019 to update the IIS7 info since the TechNet blog link was no longer valid.
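To confirm the changes took effect, the check below (an added example, not part of the original answer) parses a raw HTTP response and lists the headers that still identify the stack. X-AspNet-Version and X-AspNetMvc-Version are the standard ASP.NET header names; the function names, the two sample responses and their version values are constructed for illustration.

```python
"""Audit a raw HTTP response for the server-identifying headers discussed above."""

# Server and X-Powered-By come from IIS; the two X-AspNet* headers from ASP.NET / MVC.
FINGERPRINT_HEADERS = ("Server", "X-Powered-By", "X-AspNet-Version", "X-AspNetMvc-Version")

# Constructed sample: a default response before any of the changes are applied.
BEFORE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          "Server: Microsoft-IIS/7.5\r\nX-AspNetMvc-Version: 3.0\r\n"
          "X-AspNet-Version: 4.0.30319\r\nX-Powered-By: ASP.NET\r\n\r\n<html></html>")

# Constructed sample: after the changes. The URL Rewrite rule blanks the Server
# value rather than deleting the header, so the name is still on the wire.
AFTER = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nServer: \r\n\r\n<html></html>"


def parse_headers(raw_response):
    """Return {lowercased header name: [values]} from a raw HTTP response."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    _status_line, _, header_block = head.partition("\n")
    headers = {}
    for line in header_block.split("\n"):
        name, sep, value = line.partition(":")
        if sep:  # skip anything that is not a "Name: value" line
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def audit(raw_response):
    """List (header, value) pairs that still disclose the server stack.

    A header that is present with an empty value is treated as clean,
    which is the state the outbound rewrite rule leaves the Server header in.
    """
    headers = parse_headers(raw_response)
    findings = []
    for name in FINGERPRINT_HEADERS:
        for value in headers.get(name.lower(), []):
            if value:
                findings.append((name, value))
    return findings


if __name__ == "__main__":
    for label, response in (("before", BEFORE), ("after", AFTER)):
        leaks = audit(response)
        print(label, "->", leaks if leaks else "no identifying headers")
```

Run it against responses captured from each site and from an error page as well as a normal page, since headers can differ between the two.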