I have several dozens of sites where I want to block ASP.Net, and part of the job is to disable the bloody headers (saying which version of ASP.Net is running). This includes going to each web.config file and setting <httpRuntime enableVersionHeader="false" /> , is there a way to do this globally? In the machine.config (s) file, total 4, IIS7 does not support enableVersionHeader="false" in the same httpRuntime tag. Is there a special tag or section for this in the machine.config file?
I wanted to add that <deployment retail="true" /> is another recommendation, but trying to put it in the machine.config file (in the system.web file) also leads to an error. (Any ideas?) Right now, I'm just going to put them in web.configs, but it would be nice if MS had this required PCI function inside IIS (one typo in the .config files may take the site or the whole server down - with such a popular request, you might think that they put this in a GUI !!!)
source share