原文:http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx
原文:http://blog.paulbouwer.com/2013/01/09/asafaweb-excessive-headers-and-windows-azure/
Server
在Global.asax.cs中添加红色部分代码
protected void Application_Start() { AreaRegistration.RegisterAllAreas(); WebApiConfig.Register(GlobalConfiguration.Configuration); FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters); RouteConfig.RegisterRoutes(RouteTable.Routes); BundleConfig.RegisterBundles(BundleTable.Bundles); }
protected void Application_PreSendRequestHeaders(object sender, EventArgs e) { HttpContext.Current.Response.Headers.Remove("Server"); }
如果使用的是Web Api 2.0的话,以上方法不支持,需要修改注册表
@echo off setlocal set regpath=HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesHTTPParameters reg add %regpath% /v DisableServerHeader /t REG_DWORD /d 00000001
复制上方代码,保存为批处理文件,然后运行
另外种方法借助IIS URL Rewrite Module,添加如下的重写规则:
<rewrite>
<allowedServerVariables>
<add name="REMOTE_ADDR" />
</allowedServerVariables>
<outboundRules>
<rule name="REMOVE_RESPONSE_SERVER">
<match serverVariable="RESPONSE_SERVER" pattern=".*" />
<action type="Rewrite" />
</rule>
</outboundRules>
</rewrite>
</system.webServer>
重写规则存放在C:WindowsSystem32inetsrvconfigapplicationHost.config中。
X-Powered-By
在web.config中添加以下代码
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
</system.webServer>
X-AspNet-Version
在web.config中添加以下代码
<system.web>
<httpRuntime enableVersionHeader="false" />
</system.web>
X-AspNetMvc-Version
在Global.asax.cs中添加红色部分代码
protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
WebApiConfig.Register(GlobalConfiguration.Configuration);
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
MvcHandler.DisableMvcResponseHeader = true;
}
或者在nuget下添加NWebsec包,移除以上Headers,未测试