question

Vince9226-7973 avatar image
0 Votes"
Vince9226-7973 asked saldana-msft edited

Change / Remove Exchange Server 2016 Version Information in Response Body

Hi,

Due to security audit requirements, is it possible to update/remove the values (MajorVersion, MinorVersion, MajorBuildNumber, MinorBuildNumber) in "ServerVersionInfo" in OWA? The values that I referred to are in the following HTTP response:

HTTP Request

POST /owa/service.svc?action=FindFolder&EP=1&UA=0&ID=-82&AC=1 HTTP/1.1
...

HTTP Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
...

{"Header":{"ServerVersionInfo":{"MajorVersion":15,"MinorVersion":1,"MajorBuildNumber":1713,"MinorBuildNumber":5,"Version":"V2017_07_11"}},"Body":{...

If yes, how do I update/remove the values? Thank you so much in advance!

office-exchange-server-administrationoffice-outlook-itpro
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @Vince9226-7973 ,
I am writing here to confirm with you how thing going now? If the above suggestion helps, please be free to click “Accept as answer” to mark helpful reply as an answer.

0 Votes 0 ·
AndyDavid avatar image
0 Votes"
AndyDavid answered Vince9226-7973 commented

This is an IIS issue more than an Exchange/OWA fix.

I would look at this Microsoft article and go from there. Note you may have to revisit this and reset the changes after applying a new Exchange CU:

https://techcommunity.microsoft.com/t5/iis-support-blog/remove-unwanted-http-response-headers/ba-p/369710

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LucasLiu-MSFT avatar image
0 Votes"
LucasLiu-MSFT answered LucasLiu-MSFT commented

Hi,
I agree with Andy.
According to my research, the content of the body part in the HTTP response is affected by the setting of the header part.
You could use URLRewrite in IIS to set the server header.
1. Install URLRewrite, then head to the IIS Manager and select your site, then URL Rewrite.
2. Select Server Variables and then add a new Server Variable called RESPONSE_SERVER.
3. Go back to the rules page, add a new rule and select a blank outbound rule.
4. Set the Matching Scope to Server Variable, the Variable name is RESPONSE_SERVER and set the Pattern to .* to match any content. Hit Apply to create your new rule.
For more information you could refer to: Hardening Your HTTP Response Headers In IIS Server and HTTP Messages.


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @Vince9226-7973 ,
Do suggestions above help? If you have any questions or needed further help on this issue, please feel free to post back. If the issue has been resolved, please click “Accept as answer” to mark your solution or the helpful reply as answer, this will make answer searching in the forum easier.
Thanks for your understanding.

0 Votes 0 ·