在 IIS 7.0 集成模式 使用 Response.ClearHeaders() 删除所有标头后,IIS 会添加一些其他标头,例如 Server 和 X-Powered-By 向黑客揭示了好的信息.我怎样才能停止这种行为(考虑我仍然需要添加我的自定义标题)?
In IIS 7.0 integrated mode after deleting all headers with Response.ClearHeaders() IIS would add some other headers like Server and X-Powered-By which reveals good information to hackers. How can I stop this behavior (consider I still need to add my custom headers) ?
您可以将其添加到您的 Web.Config:
You can add this to your Web.Config:
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
</system.webServer>
更新:如果您使用的是 MVC 框架,我还建议您删除 X-AspNetMvc-Version 和 X-AspNet-Version 标头.这是通过在 Global.asax 文件中设置 MvcHandler.DisableMvcResponseHeader = true 和 <system.web><httpRuntime enableVersionHeader="false"/></system.web> 在你的 Web.config 中.
Update: if you're using the MVC framework I would also recommend removing the X-AspNetMvc-Version and X-AspNet-Version headers as well. This is accomplished by setting MvcHandler.DisableMvcResponseHeader = true in your Global.asax file and <system.web><httpRuntime enableVersionHeader="false" /></system.web> in your Web.config respectively.
这篇关于如何从响应中删除 IIS 自定义标头,例如 X-Powered-By: ASP.NET?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!