Hiding the Version Information of .Net Framework Due to Security Issue

Introduction

In this article I will demonstrate how to hide version information of the .Net Framework, which is the "medium level" security issue named "Information Disclosure".

So I will tell how to get rid of this issue or where you are lacking in the code.

Use the following procedure to create a sample to help you understand this in detail.

Step 1: Create an Empty Website named "Version_example".

Empty Website

Step 2: Create a Web from named "Deafult.aspx" in the website.

website

I have just add some text to the page.

page

Step 3: Run the "Deafult.aspx" page.

Run the Deafult page
Problem

A problem exists taht when you change/edit the "url" the page will give an error such as page not found or resource not found as in the following image.

Problem

Solution

There are the following 2 reasons that can cause this issue:

  1. Either you have not added the <customErrors></customErrors> tag within <system.web>.
  2. Or the <customErrors></customErrors> tag within the <system.web> section with the property mode="Off".

So you need to add the <customErrors></customErrors> tag within the <system.web> section with the property mode="On" to eliminate this issue.

property

After adding this tag in the web.config, run the website and change the URL.

url

Now as you have seen there is no information disclosure like version information that now exists in the page.