stackoom
  简体   繁体   中英

How to remove "Microsoft-HTTPAPI/2.0" from http response header on App Service Web App

 原文  2017-05-04 10:07:55       asp.net/ azure/ azure-web-app-service

Question

I have created two asp.net + MVC applications and deployed one to Azure App Service web app and other into an app service web application created in a ASE (Application Service Environment).

When providing special characters in the URL the response header consists of "Microsoft-HTTPAPI/2.0". I have done the below changes in the application but the issue still persists.

<security>
  <requestFiltering removeServerHeader="true"/>
</security>

protected void Application_PreSendRequestHeaders(Object source, EventArgs e)
{
    HttpContext.Current.Response.Headers.Remove("Server");
}

2 answers

solution1
 1  2017-05-05 03:34:59

To remove the default header. You could create a http module to do it. Code below is for your reference.

public class RemoveDefaultHeaderModule : IHttpModule
{
    public void Dispose()
    {

    }

    public void Init(HttpApplication context)
    {
        context.PreSendRequestHeaders += Context_PreSendRequestHeaders;
    }

    private void Context_PreSendRequestHeaders(object sender, EventArgs e)
    {
        //Remove the header you wanted
        (sender as HttpApplication).Response.Headers.Remove("Server");
        (sender as HttpApplication).Response.Headers.Remove("X-AspNet-Version");
    }
}

You also need to register this module in web.config. Don't forget to set runAllManagedModulesForAllRequests property to true which will make this module works for static resources.

<system.webServer>
  <modules runAllManagedModulesForAllRequests="true">
    <add name="RemoveDefaultHeaderModule" type="TestServerHeader.RemoveDefaultHeaderModule" />
  </modules>
</system.webServer>

solution2
 1  2017-06-23 18:00:27

I'm using Windows Server 2016 with IIS 10.0 and I got it working by running powershell(as admin) and did the following:

PS > cd IIS:\
PS > Set-WebConfigurationProperty -filter "system.webServer/security/requestFiltering" -name "removeServerHeader" -value "True"

Combined with this in the web.config:

<security>
  <requestFiltering removeServerHeader="true" />
</security>

As a reference, I red this blog post .

However, when I edit the web.config for any reason, I must rerun the script in order to remove the server header again... Or it seems to be there for a short time after updating the web.config...

Hope this help!

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to remove d: and __type from JSON response for ASP web service Can't Remove Server Name in Request Header in HTTP- Azure App Service Microsoft Azure Mobile App Service Backend Response Code 500 How can I remove excessive response header information from Azure Web-Apps? How to send an HTTP 4xx-5xx response with CORS headers in an ASPNET.Core web app? ADFS 2.0 Web app signout How to remove the outerXML from WCF service response how to get app to consume web service How to publish Asp.net Web Application from a Web Service or Windows Form App(Not from Vs editor) How to return JSON from a 2.0 asmx web service
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM