使用自定义错误页时删除IIS服务器标头
[英]Remove IIS Server header when using Custom Error Pages
问题描述
Ok...I needed to remove the 'Microsoft:IIS8.5' Server header from my production server and I have done that using URLReWrite module. 
好的......我需要从生产服务器中删除“Microsoft:IIS8.5”服务器标头,我已经使用URLReWrite模块完成了该操作。 Here's my rule: 这是我的规则:
<outboundRules>
<rule name="replace server name header" patternSyntax="Wildcard">
<match serverVariable="RESPONSE_Server" pattern="*" />
<action type="Rewrite" value="MyServer" />
</rule>
</outboundRules>
This works great on all regular pages. 这适用于所有常规页面。 The problem is that I have custom error pages so that when I hit an error, it executes my custom error (using MVC) and it looks great. 问题是我有自定义错误页面,所以当我遇到错误时,它会执行我的自定义错误(使用MVC),它看起来很棒。
But, when it returns this custom error page, the Server variable is back to 'Microsoft:IIS 8.5' 但是,当它返回此自定义错误页面时,Server变量将返回到“Microsoft:IIS 8.5”
Not sure why this would do this since the UrlReWrite is supposed to replace the variable on ALL responses. 不知道为什么会这样做,因为UrlReWrite应该替换所有响应上的变量。
Any ideas why this would happen? 有什么想法会发生这种情况吗?
1 个解决方案
解决方案1
3 2016-01-04 15:53:47
Ok, so after a good number of hours, I couldn't figure out why when I execute a custom error page, IIS bypasses by rewrite rule for the Server Header. 好的,所以经过很长时间后,我无法弄清楚为什么当我执行自定义错误页面时,IIS会绕过服务器标头的重写规则。
I was able to change the IIS Error Page settings to Redirect to my Custom Error page, instead of Executing the custom error page. 我能够将IIS错误页面设置更改为重定向到我的自定义错误页面,而不是执行自定义错误页面。
What's crazy is that the initial response from the invalid page, which has a return code of 302, has the rewritten Server Header, along with the Custom Error page that it redirects to. 令人抓狂的是,无效页面的返回代码为302的初始响应具有重写的服务器标题,以及重定向到的自定义错误页面。
Figured I'd post the answer in case anyone else hits this same issue. 如果其他人遇到同样的问题,我会发布答案。 It's obscure, but when going through a security scan, it can be found. 它很模糊,但在进行安全扫描时,可以找到它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.