Friday, April 26, 2019

ASP.NET: Remove ASP.NET, AspNet-Version, IIS Server from HTTP Response Header using web.config

Remove Server from response header with an outboundRule URL Rewrite rule. This will work for IIS 7+ (IIS 7, 8.5, 8.0, 8.5):

<rewrite>   
  <outboundRules rewriteBeforeCache="true">
    <rule name="Remove Server header">
      <match serverVariable="RESPONSE_Server" pattern=".+" />
      <action type="Rewrite" value="" />
    </rule>
  </outboundRules>
</rewrite>

In Microsoft-IIS/8.0, we can rewrite 'Server: Microsoft-IIS/8.0' with your own text:

<action type="Rewrite"
  value="ABC custom text" />

To remove the server from response header in Microsoft-IIS 10.0, we can add this in web.config
<security>
  <requestFiltering removeServerHeader ="true" />
</security>

Remove ASP.NET X-Powered-By from response header:
<httpProtocol>
  <customHeaders>
    <remove name="X-Powered-By" />
  </customHeaders>
</httpProtocol>

Remove  X-AspNet-Version header from response header:
<httpRuntime enableVersionHeader="false" />

No comments:

Post a Comment

Git Commands and Using Them in Visual Studio

 Git is a widely used version control system that allows developers to manage changes to their code and collaborate with other IDE like Visu...