Hiding the Version Information of .Net Framework Due to Security Issue

Introduction

In this article, I will demonstrate how to hide version information of the .Net Framework, which is the "medium-level" security issue named "Information Disclosure". So I will tell you how to get rid of this issue or where you are lacking in the code. Use the following procedure to create a sample to help you understand this in detail.

Step 1. Create an Empty Website named "Version_example".

ASP dot NET empty web site

Step 2. Create a Web form named "Deafult.aspx" on the website.

website

I have just added some text to the page.

This is version examle

Step 3. Run the "Deafult.aspx" page.

Run the Deafult ASPX

Problem

A problem exists that when you change/edit the "url" the page will give an error such as page not found or resource not found as in the following image.

Problem

Solution

There are the following 2 reasons that can cause this issue:

  1. Either you have not added the <customErrors></customErrors> tag within <system.web>.
  2. Or the <customErrors></customErrors> tag within the <system.web> section with the property mode="Off".

So you need to add the <customErrors></customErrors> tag within the <system.web> section with the property mode="On" to eliminate this issue.

property

After adding this tag in the web.config, run the website, and change the URL.

url

Now as you have seen there is no information disclosure like version information that now exists on the page.


Similar Articles