Hello everyone,
Recently I started my adventure with the ASP.NET/IIS environment, and I am currently improving the security of my server.
I'm trying to mask the fingerprint of my server from aggressors. The output of the nikto application is the following:
root@kali:~# nikto -h 192.168.20.20
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.20.20
+ Target Hostname: 192.168.20.20
+ Target Port: 80
+ Start Time: 2016-08-26 11:14:31 (GMT0)
---------------------------------------------------------------------------
+ Server: Apache/2.2.22 #
+ Retrieved x-powered-by header: PHP/5.2.17 #my_comment: I already changed these parameters in web.config.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Root page / redirects to: https://192.168.20.20/
+ Server banner has changed from 'Apache/2.2.22' to 'Microsoft-IIS/8.5' which may suggest a WAF, load balancer or proxy is in place
+ Retrieved x-aspnet-version header: 4.0.30319
+ Apache/2.2.22 appears to be outdated (current is at least Apache/2.4.12). Apache 2.0.65 (final release) and 2.2.29 are also current.
+ 20515 requests: 0 error(s) and 5 item(s) reported on remote host
+ End Time: 2016-08-24 11:16:42 (GMT0) (131 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
As you can see, the HTTP server is marked as IIS 8.5. I've got the suggestion 'WAF, load balancer or proxy', but I don't know how I can go further.
I will be waiting for your response.
Regards
AErot
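
A way to re-check the header findings nikto lists above after each web.config change, as an added example that is not part of the original post. It audits raw response heads for version-disclosing headers, the two missing hardening headers, and a Server banner that differs between responses; the sample responses are constructed, and which response carried which header is an assumption.

```python
import re

# Constructed sample responses, not captured traffic. Header values are those nikto
# reported above; which response carried which header is an assumption.
SAMPLES = {
    "response 1": "HTTP/1.1 302 Found\r\nServer: Apache/2.2.22\r\nX-Powered-By: PHP/5.2.17\r\n\r\n",
    "response 2": "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/8.5\r\nX-AspNet-Version: 4.0.30319\r\n\r\n",
}

DISCLOSING = ("server", "x-powered-by", "x-aspnet-version")
HARDENING = ("x-xss-protection", "x-content-type-options")
VERSION = re.compile(r"\d+\.\d+")  # any dotted version number in a header value


def parse_headers(raw):
    """Return {lower-cased name: value} from a raw HTTP response head."""
    headers = {}
    for line in raw.split("\r\n")[1:]:  # skip the status line
        if not line:  # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def audit(samples):
    """Return a sorted list of fingerprinting findings across all responses."""
    findings, banners = set(), {}
    for label, raw in samples.items():
        headers = parse_headers(raw)
        for name in DISCLOSING:
            if name in headers and VERSION.search(headers[name]):
                findings.add(f"{label}: {name} discloses '{headers[name]}'")
        for name in HARDENING:
            if name not in headers:
                findings.add(f"{label}: {name} missing")
        banners.setdefault(headers.get("server", "<none>"), []).append(label)
    if len(banners) > 1:  # the 'Server banner has changed' condition nikto reports
        findings.add("server banner differs between responses: " + ", ".join(sorted(banners)))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print(finding)
```
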