我需要从 ASP.NET MVC 3 Web 应用程序中删除以下标头。
Server
X-AspNet-Version
X-AspNetMvc-Version
X-AspNetWebPages-Version
X-Powered-By
我发现有两个可行的选择。选项 1 更干净,实际上删除了服务器标头,但我试图找出是否有任何我应该担心的副作用。任何一个选项都比另一个更好吗?每种方法的优点/缺点是什么?
Global.asax.cs >> Application_Start()
PreSendRequestHeaders += Application_PreSendRequestHeaders;
全局.asax.cs
protected void Application_PreSendRequestHeaders(object sender, EventArgs e)
{
HttpContext.Current.Response.Headers.Remove("Server");
HttpContext.Current.Response.Headers.Remove("X-AspNetWebPages-Version");
HttpContext.Current.Response.Headers.Remove("X-AspNet-Version");
HttpContext.Current.Response.Headers.Remove("X-Powered-By");
HttpContext.Current.Response.Headers.Remove("X-AspNetMvc-Version");
}
Web.config >> 内部<system.web>节点(删除 X-AspNet-Version)
<httpRuntime enableVersionHeader="false" />
Web.config >> 内部<system.webServer>节点(删除 X-Powered-By)
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
Web.config >> 内部<system.webServer>节点(更改服务器的值,需要 URLRewrite)
<rewrite>
<outboundRules rewriteBeforeCache="true">
<rule name="Remove Server header">
<match serverVariable="RESPONSE_Server" pattern=".+" />
<action type="Rewrite" value="" /> …