I have an internet-exposed WCF service running on IIS 7.5 that I need to secure. I would like to remove the "Server" header in the HTTP response.
I've implemented
Have you tried editing your web.config and using the customHeaders tag under system.webServer?
This results in my C# ASP.NET application only having the following response headers:

    HTTP/1.1 200 OK
    Cache-Control: max-age=3600, public
    Content-Length: 20992
    Content-Type: text/html; charset=utf-8
    Content-Encoding: gzip
    Last-Modified: Tue, 15 May 2012 18:01:11 GMT
    ETag: "HHktEL5IWA6rspl4Bg2ZxNmnV3gTUCLt2cTldSsl05A="
    Vary: Accept-Encoding
    Date: Tue, 17 Jul 2012 21:38:38 GMT

Although I will admit I have not tried it with the "Server" header, this approach seems to work well. The reason I have not tried it with the "Server" header is that the following code in my IHttpModule works just fine.
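
    // Handler for HttpApplication.PreSendRequestHeaders (needs System and System.Web).
    void PreSendRequestHeaders(object sender, EventArgs e)
    {
        HttpApplication application = (HttpApplication)sender;
        // Response.Headers can only be modified under the IIS integrated pipeline.
        if (HttpRuntime.UsingIntegratedPipeline)
        {
            // Drop the headers, then set a single explicit Cache-Control value.
            application.Response.Headers.Remove("Server");
            application.Response.Headers.Remove("Expires");
            application.Response.Headers.Remove("Cache-Control");
            application.Response.AddHeader("Cache-Control", "max-age=3600, public");
        }
    }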
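
A way to confirm the result of the approach above, as an added example that is not part of the original answer: a small Python check that parses a raw response head and lists any headers that disclose the server platform. The header set, the function names and the "default" sample response are assumptions constructed for illustration; the "hardened" sample is the response shown in the answer.

```python
# Headers IIS/ASP.NET add by default that identify the platform or its version.
DISCLOSING = {"server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version"}

def parse_head(raw):
    """Return (status_line, [(name, value), ...]); duplicates stay separate pairs."""
    lines = raw.replace("\r\n", "\n").strip("\n").split("\n")
    status, headers = lines[0].strip(), []
    for line in lines[1:]:
        if not line.strip():
            break  # a blank line ends the header section; the body is ignored
        if line[0] in " \t" and headers:
            # Obsolete folded continuation line: join it to the previous value.
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return status, headers

def disclosing_headers(raw):
    """List (name, value) pairs that reveal the server software (case-insensitive)."""
    return [(n, v) for n, v in parse_head(raw)[1] if n.lower() in DISCLOSING]

# Response from the answer above, after the module has run.
HARDENED = """HTTP/1.1 200 OK
Cache-Control: max-age=3600, public
Content-Length: 20992
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Last-Modified: Tue, 15 May 2012 18:01:11 GMT
ETag: "HHktEL5IWA6rspl4Bg2ZxNmnV3gTUCLt2cTldSsl05A="
Vary: Accept-Encoding
Date: Tue, 17 Jul 2012 21:38:38 GMT
"""

# Constructed sample: headers a default IIS 7.5 / ASP.NET site typically returns.
DEFAULT = """HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
"""

if __name__ == "__main__":
    for label, raw in (("hardened", HARDENED), ("default", DEFAULT)):
        print(label, disclosing_headers(raw) or "no platform headers")
```

Feed it the head captured from each endpoint, including error responses and static files, since those may be served without passing through the module.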