Home » IIS » Vulnerability “Remove the default page or stop/disable the IIS server”

Vulnerability “Remove the default page or stop/disable the IIS server”

Penetration tools may raise an alarm if the default IIS page is still available in your server. This page comes by default when you install Web Server role.

Follow the steps below to disable it so this vulnerability don’t come up in the reports anymore.

IIS default page

Steps to disable default page:

  1. Open IIS Manager
  2. Click the server name
  3. Double click on Default Document
  4. On the right side, click “Disable”
Disable default page

Here is a list of known IIS vulnerabilities: List

If you see a vulnerability about older TLS versions, check this post out: Security Scan (Qualys SSL Labs) shows TLS 1.0 and 1.1 are enabled

Ned Sahin

Blogger for 20 years. Former Microsoft Engineer. Author of six books. I love creating helpful content and sharing with the world. Reach me out for any questions or feedback.
Categories IIS

1 thought on “Vulnerability “Remove the default page or stop/disable the IIS server””

Leave a Comment