Change / Remove Exchange Server 2016 Version Information in Response Body

Vince9226 1 Reputation point
2020-08-07T08:50:41.493+00:00

Hi,

Due to security audit requirements, is it possible to update/remove the values (MajorVersion, MinorVersion, MajorBuildNumber, MinorBuildNumber) in "ServerVersionInfo" in OWA? The values that I referred to are in the following HTTP response:

HTTP Request

POST /owa/service.svc?action=FindFolder&EP=1&UA=0&ID=-82&AC=1 HTTP/1.1
...

HTTP Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
...

{"Header":{"ServerVersionInfo":{"MajorVersion":15,"MinorVersion":1,"MajorBuildNumber":1713,"MinorBuildNumber":5,"Version":"V2017_07_11"}},"Body":{...

If yes, how do I update/remove the values? Thank you so much in advance!

Outlook Management
Outlook Management
Outlook: A family of Microsoft email and calendar products.Management: The act or process of organizing, handling, directing or controlling something.
4,887 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,350 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andy David - MVP 141.6K Reputation points MVP
    2020-08-07T10:49:34.447+00:00

    This is an IIS issue more than an Exchange/OWA fix.

    I would look at this Microsoft article and go from there. Note you may have to revisit this and reset the changes after applying a new Exchange CU:

    https://techcommunity.microsoft.com/t5/iis-support-blog/remove-unwanted-http-response-headers/ba-p/369710

    0 comments
  2. Lucas Liu-MSFT 6,161 Reputation points
    2020-08-10T08:11:54.363+00:00

    Hi,
    I agree with Andy.
    According to my research, the content of the body part in the HTTP response is affected by the setting of the header part.
    You could use URLRewrite in IIS to set the server header.

    1. Install URLRewrite, then head to the IIS Manager and select your site, then URL Rewrite.
    2. Select Server Variables and then add a new Server Variable called RESPONSE_SERVER.
    3. Go back to the rules page, add a new rule and select a blank outbound rule.
    4. Set the Matching Scope to Server Variable, the Variable name is RESPONSE_SERVER and set the Pattern to .* to match any content. Hit Apply to create your new rule.
      For more information you could refer to: Hardening Your HTTP Response Headers In IIS Server and HTTP Messages.