在IIS中,我可以安全地删除X-Powered-By ASP.NET标头吗?
[英]In IIS, can I safely remove the X-Powered-By ASP.NET header?
问题描述
Will this cause any harm? 
这会造成什么伤害吗? Does it serve any purpose other than tell browsers you have .net installed? 除了告诉您安装了.net的浏览器之外,它是否可以用于任何目的?
I like this article about changing the header to Pure Evil. 我喜欢这篇关于将标题更改为Pure Evil的文章。 Genius! 天才!
http://www.iishacks.com/index.php/2009/11/11/remove-x-powered-by-aspnet-http-response-header/ http://www.iishacks.com/index.php/2009/11/11/remove-x-powered-by-aspnet-http-response-header/
4 个解决方案
解决方案1
25 2013-09-24 18:31:11
Add this to your web.config section 将其添加到您的web.config部分
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
</system.webServer>
解决方案2
25 已采纳 2010-07-30 19:54:34
This header (and a few other headers) is not required or used by modern browsers and can safely be removed from the web site configuration in IIS without consequence. 现代浏览器不需要或使用此标头(以及一些其他标头),并且可以安全地从IIS中的网站配置中删除此标头而不会产生任何后果。 Other server-side languages also tend to include a "Powered by..." header that can be safely removed. 其他服务器端语言也倾向于包含可以安全删除的“Powered by ...”标头。 Here is another article that claims the same thing: 这是另一篇声称同样的文章:
http://www.4guysfromrolla.com/articles/120209-1.aspx http://www.4guysfromrolla.com/articles/120209-1.aspx
[...]
The Server, X-Powered-By, X-AspNet-Version, and X-AspNetMvc-Version HTTP headers provide no direct benefit and unnecessarily chew up a small amount of bandwidth.
解决方案3
5 2010-07-30 19:49:52
Yes you can remove it,it will not affect anything. 是的你可以删除它,它不会影响任何东西。 All x-headers are custom/non standard and informational only by definition. 所有x-header都是自定义/非标准的,仅按定义提供信息。 Browsers ignore them. 浏览器会忽略它们。 The only thing it could affect is some kind of custom application that actually uses them for something eg a web crawler that gathers statistics on what technology is being used on what website might use the header to determine if a site uses asp.net. 它唯一可能影响的是某种自定义应用程序,它实际上将它们用于某些东西,例如网络爬虫,它收集有关在哪个网站可能使用标头来确定网站是否使用asp.net的技术的统计数据。 They don't actually do anything. 他们实际上什么都不做。
解决方案4
4 2011-10-21 07:16:04
Yes you can remove it and it will give away less information to automated hacking tools and here you have a tutorial how to get a rid of Server, X-AspNet-Version, X-AspNetMvc-Version (if you use ASP.NET MVC) and X-Powered-By 是的,你可以删除它,它会给自动黑客工具提供更少的信息,在这里你有一个教程如何摆脱Server,X-AspNet-Version,X-AspNetMvc-Version(如果你使用ASP.NET MVC)和X-Powered-By
http://arturito.net/2011/10/21/how-to-remove-server-x-aspnet-version-x-aspnetmvc-version-and-x-powered-by-from-the-response-header-in-iis7/ http://arturito.net/2011/10/21/how-to-remove-server-x-aspnet-version-x-aspnetmvc-version-and-x-powered-by-from-the-response-header-在-IIS7 /
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.