In order to ensure the compliance with currently applicable BSI security guidelines we are forced to continuously improve functionality of our products.
In case of Swyx Control Center 3.25 we removed some x-Headers from the server response. For Windows Server 2012 R2 these changes are not applicable due to the missing or not supported new parameters required on the IIS level. Installing and opening Swyx Control Center 3.25 on this operating system, without preforming any configurational changes, will result in an error message.
In order to be able to run Swyx Control Center on Windows Server 2012 R2 following changes need to be done:
--------------------------------
ATTENTION: Performing following steps will reduce the security level of the application and make the installation vulnerable
--------------------------------
- Install or update to Swyx Control Center (SCC) to the version 3.25 / 13.25
- Install the IIS URL-Rewrite Modul from Microsoft:
https://www.iis.net/downloads/microsoft/url-rewrite - Open 'web.config' file located under: 'C:\Program Files (x86)\Swyx\Swyx Control Center\Web.config'
- Replace following lines (379-383):
Original:
<security> <requestFiltering removeServerHeader="true"> <requestLimits maxAllowedContentLength="52428800"/> </requestFiltering> </security>New:
<rewrite> <outboundRules> <rule name="Remove RESPONSE_Server"> <match serverVariable="RESPONSE_Server" pattern=".+" /> <action type="Rewrite" value="SwyxControlCenter" /> </rule> </outboundRules> </rewrite> - Restart the IIS or the app pool of Swyx Control Center
Comments
0 comments
Article is closed for comments.