堆栈内存溢出
  简体   繁体   English

如何通过删除服务器信息 <customHeaders> 在web.config中

[英]how to remove server info via <customHeaders> in web.config

 原文  2013-11-15 12:26:41       c#/ asp.net/ web-config

问题描述

I have removed the x-powered-by using <httpProtocol> 我已经使用<httpProtocol>删除了x-powered-by 

<httpProtocol>
      <customHeaders>
        <remove name="X-Powered-By" />
       <remove name="Server" />
      </customHeaders>
</httpProtocol>

This hides the X-Powered-By but the server (IIS info ) is still not getting removed 这将隐藏X-Powered-By但是服务器(IIS信息)仍未被删除

It would be good if there is a way where I can remove all the info in the Response Header 如果有一种方法可以删除Response Header中的所有信息,那将是很好的

How can i do it? 我该怎么做?

1 个解决方案

解决方案1
 1  2013-11-15 12:30:49

I believe you need UrlScan to remove the IIS info. 我相信您需要UrlScan才能删除IIS信息。

The particular setting you need to configure is: RemoveServerHeader 您需要配置的特定设置是: RemoveServerHeader

By default, a Web server returns a header that identifies what Web server software it is running in all responses. 默认情况下,Web服务器返回一个标头,该标头标识其在所有响应中运行的Web服务器软件。 This can increase the server vulnerability because an attacker can determine that a server is running IIS and then attack known IIS problems, instead of trying to attack an IIS server by using exploits that are designed for other Web servers. 这可能会增加服务器漏洞,因为攻击者可以确定服务器正在运行IIS,然后攻击已知的IIS问题,而不是尝试通过使用为其他Web服务器设计的漏洞来攻击IIS服务器。 By default, this option is set to 0. If you set the RemoveServerHeader option to 1, you prevent your server from sending the header that identifies it as an IIS server. 默认情况下,此选项设置为0。如果将RemoveServerHeader选项设置为1,则可以防止服务器发送将其标识为IIS服务器的标头。 If you set RemoveServerHeader to 0, this header is still sent. 如果将RemoveServerHeader设置为0,则仍发送此标头。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何通过web.config从URL中删除查询字符串 - How to remove querystring from a url via web.config 如何使用web.config删除DbProviderFactories? - How remove DbProviderFactories using web.config? ASP.NET/IIS,什么时候做<customHeaders>在 web.config 中获取添加到页面? - ASP.NET/IIS, When do <customHeaders> in the web.config get added to the page? WCF + Silverlight 4:如何通过Web.config配置已知类型? - WCF + Silverlight 4: How to configure known types via Web.config? 如何通过C#在Web.Config中检索Key的值 - How to retrieve the value for the Key in the Web.Config via C# 更新web.config时如何删除html字符? - How to remove html characters while updating web.config? 如何通过web.config启用WebApi DelegatingHandler - How to enable WebApi DelegatingHandler via web.config 如何通过 web.config ASP.NET 重定向 - How to redirect via web.config ASP.NET 如何使用web.config从iis中删除扩展 - How to remove an extension from iis using web.config 如何以编程方式从web.config中检索smtp服务器详细信息 - How to programmatically retrieve smtp server details from web.config
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM