原文:http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx
原文:http://blog.paulbouwer.com/2013/01/09/asafaweb-excessive-headers-and-windows-azure/
Server
在Global.asax.cs中添加红色部分代码
protected void Application_Start() { AreaRegistration.RegisterAllAreas(); WebApiConfig.Register(GlobalConfiguration.Configuration); FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters); RouteConfig.RegisterRoutes(RouteTable.Routes); BundleConfig.RegisterBundles(BundleTable.Bundles); }
protected void Application_PreSendRequestHeaders(object sender, EventArgs e) { HttpContext.Current.Response.Headers.Remove("Server"); }
如果使用的是Web Api 2.0的话,以上方法不支持,需要修改注册表
@echo off setlocal set regpath=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters reg add %regpath% /v DisableServerHeader /t REG_DWORD /d 00000001
复制上方代码,保存为批处理文件,然后运行
另外种方法借助IIS URL Rewrite Module,添加如下的重写规则:
<rewrite> <allowedServerVariables> <add name="REMOTE_ADDR" /> </allowedServerVariables> <outboundRules> <rule name="REMOVE_RESPONSE_SERVER"> <match serverVariable="RESPONSE_SERVER" pattern=".*" /> <action type="Rewrite" /> </rule> </outboundRules> </rewrite>
</system.webServer>
重写规则存放在C:\Windows\System32\inetsrv\config\applicationHost.config中。
X-Powered-By
在web.config中添加以下代码
<system.webServer> <httpProtocol> <customHeaders> <remove name="X-Powered-By" /> </customHeaders> </httpProtocol> </system.webServer>
X-AspNet-Version
在web.config中添加以下代码
<system.web> <httpRuntime enableVersionHeader="false" /> </system.web>
X-AspNetMvc-Version
在Global.asax.cs中添加红色部分代码
protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
WebApiConfig.Register(GlobalConfiguration.Configuration);
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
MvcHandler.DisableMvcResponseHeader = true;
}
或者在nuget下添加NWebsec包,移除以上Headers,未测试