ServerMask for IIS Listing updated: June 3, 2003

An often overlooked security issue is the exposure of a Web server’s identity via its HTTP header. By anonymizing your Web server's identity, you can trick hackers to attempt mistargeted exploits, making it easier for intrusion detection systems and firewalls to accomplish their missions and foil the hack. ServerMask obscures the identity of a Windows Web server by removing the most obvious signs that you are running IIS. ServerMask removes or modifies unnecessary response data. The software provides control over what Server header data, if any, is visible in HTTP responses. Session cookie masking permits the customization of any type of session cookie (including the Windows-specific ASP session cookie). ServerMask can emulate the Apache Web server’s HTTP header order and disable Microsoft WebDav with one click to suppress its multiple identifiable headers. It also removes the Windows-specific Public header from HTTP responses, a relic of HTTP 1.0 seldom used today, and converts the Windows SMTP banner to any message. When combined with these security recommendations and other server tools like PageXchanger and CustomError, ServerMask provides the anonymization component of your total security strategy.