I need to cloak certain headers generated by ASP.NET and IIS and returned in the responses from an ASP.NET WebAPI service. The headers I need to cloak are:
If you're using IIS7 / Azure then have a look at this:
Removing/Hiding/Disabling excessive HTTP response headers in Azure/IIS7 without UrlScan
It shows the best way to disable these headers without using HttpModules.
If you would like to remove the version, go to the web.config file and add these lines:
    <system.web>
      <compilation debug="true" targetFramework="4.5.2" />
      <!-- enableVersionHeader="false" removes the X-AspNet-Version header -->
      <httpRuntime targetFramework="4.5.2" enableVersionHeader="false" />
    </system.web>
Also, add these:
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <!-- removes the X-Powered-By header -->
          <remove name="X-Powered-By" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
The problem is each one is added at a different point:
Server: added by IIS. Not exactly sure if it can be turned off, although you seem to have been able to remove it using HttpModule.
X-AspNet-Version: added by System.Web.dll at the time of Flush in HttpResponse class
X-AspNetMvc-Version: Added by MvcHandler in System.Web.dll. It can be overridden so this one should be OK.
X-Powered-By: added by IIS but can be turned off as you said.
I think your best bet is still using HttpModules.
For the benefit of those who land here through a Google/Bing search, here's the summary of steps:
Step 1: Create a class that derives from IHttpModule (and IDisposable to clean up when we're done):
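    using System;
    using System.Collections.Generic;
    using System.Web;

    public class MyCustomModule : IHttpModule, IDisposable
    {
        private HttpApplication _httpApplication;

        private static readonly List<string> HeadersToCloak = new List<string>
        {
            "Server",
            "X-AspNet-Version",
            "X-AspNetMvc-Version",
            "X-Powered-By"
        };

        // Init (step 2) and OnPreSendRequestHeaders (step 3) go here.

        public void Dispose()
        {
            _httpApplication = null;
        }
    }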
Step 2: Get a reference to the intrinsic context in the IHttpModule.Init method, and assign an event handler to the PreSendRequestHeaders event:
    public void Init(HttpApplication context)
    {
        _httpApplication = context;
        context.PreSendRequestHeaders += OnPreSendRequestHeaders;
    }
Step 3: Now the headers can be removed like so:
    private void OnPreSendRequestHeaders(object sender, EventArgs e)
    {
        if (null == _httpApplication)
        {
            return;
        }
        if (_httpApplication.Context != null)
        {
            var response = _httpApplication.Response;
            HeadersToCloak.ForEach(header => response.Headers.Remove(header));
        }
    }
Step 4: Now register this module in your root web.config under system.webServer (if running IIS 7.0 integrated mode; more details here):
    <configuration>
      <system.webServer>
        <modules>
          <!-- Replace Namespace with the namespace that contains MyCustomModule -->
          <add name="MyCustomModule" type="Namespace.MyCustomModule" />
        </modules>
      </system.webServer>
    </configuration>
Hope this helps!
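
A check for the result of the steps above, as an added example that is not part of the original answers: it parses an HTTP response and reports which of the four headers are still disclosed, which is useful because each header is added at a different point and one response type (for example an error page) may still carry them. The function names and both sample responses are constructed for illustration.

```python
import http.client
import io
import urllib.error
import urllib.request

# Header names taken from the HeadersToCloak list in the answer above.
HEADERS_TO_CLOAK = ("Server", "X-AspNet-Version", "X-AspNetMvc-Version", "X-Powered-By")

# Constructed sample responses (not captured from a real server).
CLOAKED = b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\nContent-Length: 2\r\n\r\n{}"
NOT_CLOAKED = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"server: Microsoft-IIS/8.5\r\n"
    b"X-Powered-By: ASP.NET\r\n"
    b"X-AspNet-Version: 4.0.30319\r\n"
    b"Content-Length: 0\r\n\r\n"
)


def leaked_headers(raw_response: bytes) -> dict:
    """Return {header: [values]} for every cloaked header still present."""
    stream = io.BytesIO(raw_response)
    stream.readline()  # skip the status line; parse_headers expects header lines
    message = http.client.parse_headers(stream)
    found = {}
    for name in HEADERS_TO_CLOAK:
        values = message.get_all(name)  # case-insensitive, keeps duplicates
        if values:
            found[name] = values
    return found


def leaked_headers_from_url(url: str, timeout: float = 5.0) -> dict:
    """Same check against a live endpoint; 4xx/5xx responses are inspected too."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as response:
            headers = response.headers
    except urllib.error.HTTPError as error:
        headers = error.headers  # HTTPError carries the error response's headers
    return {n: headers.get_all(n) for n in HEADERS_TO_CLOAK if headers.get_all(n)}


if __name__ == "__main__":
    for label, raw in (("cloaked", CLOAKED), ("not cloaked", NOT_CLOAKED)):
        print(label, leaked_headers(raw))
```

Run `leaked_headers_from_url` against a normal page, a missing URL and a static file of your own deployment; an empty dict for each means the headers are no longer returned.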