Asp.Net Remove Unwanted Headers

原文:http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx

原文:http://blog.paulbouwer.com/2013/01/09/asafaweb-excessive-headers-and-windows-azure/

Server

在Global.asax.cs中添加红色部分代码

        protected void Application_Start()
        {
            AreaRegistration.RegisterAllAreas();

            WebApiConfig.Register(GlobalConfiguration.Configuration);
            FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
            RouteConfig.RegisterRoutes(RouteTable.Routes);
            BundleConfig.RegisterBundles(BundleTable.Bundles);
        }

        protected void Application_PreSendRequestHeaders(object sender, EventArgs e)
        {
            HttpContext.Current.Response.Headers.Remove("Server");
        }

如果使用的是Web Api 2.0的话,以上方法不支持,需要修改注册表

@echo off
setlocal
set regpath=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters
reg add %regpath% /v DisableServerHeader /t REG_DWORD /d 00000001

复制上方代码,保存为批处理文件,然后运行

另外种方法借助IIS URL Rewrite Module,添加如下的重写规则:

复制代码
 
<system.webServer>
<rewrite>
        <allowedServerVariables>
            <add name="REMOTE_ADDR" />
        </allowedServerVariables>            
        <outboundRules>
            <rule name="REMOVE_RESPONSE_SERVER">
                <match serverVariable="RESPONSE_SERVER" pattern=".*" />
                <action type="Rewrite" />
            </rule>
        </outboundRules>
</rewrite>
</system.webServer>
复制代码

重写规则存放在C:\Windows\System32\inetsrv\config\applicationHost.config中。

X-Powered-By

在web.config中添加以下代码

<system.webServer>
    <httpProtocol>
      <customHeaders>
        <remove name="X-Powered-By" />
      </customHeaders>
    </httpProtocol>
</system.webServer>

X-AspNet-Version

在web.config中添加以下代码

<system.web>
    <httpRuntime enableVersionHeader="false" />
</system.web>

X-AspNetMvc-Version

在Global.asax.cs中添加红色部分代码

        protected void Application_Start()
        {
            AreaRegistration.RegisterAllAreas();

            WebApiConfig.Register(GlobalConfiguration.Configuration);
            FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
            RouteConfig.RegisterRoutes(RouteTable.Routes);
            BundleConfig.RegisterBundles(BundleTable.Bundles);
            MvcHandler.DisableMvcResponseHeader = true;
        }

或者在nuget下添加NWebsec包,移除以上Headers,未测试

posted @ 2015-04-28 16:39  Varorbc  阅读(410)  评论(0编辑  收藏  举报