bgey posted on 2017-12-29 09:26:06

Removing server information from the HTTP headers of MVC pages

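  By default, the HTTP headers of every MVC response carry some information about the current server. Whether for security, for performance, or out of a Virgo's perfectionism, you may want to remove this information and add a little mystery to the application. The HTTP headers captured in Chrome by default look like this:
Cache-Control:private, s-maxage=0
Content-Encoding:gzip
Content-Length:1184
Content-Type:text/html; charset=utf-8
Date:Sun, 08 Oct 2017 05:01:37 GMT
Server:Microsoft-IIS/10.0
Vary:Accept-Encoding
X-AspNet-Version:4.0.30319
X-AspNetMvc-Version:5.2
X-Powered-By:ASP.NET
X-SourceFiles:=?UTF-8?B?RTpcV29ya1xUaWFuTG9uZ1xMUS5NVkNBZG1pblxNYW5hZ2VyXEVxdWlwbWVudHM=?=

  Next, we remove some of this information step by step. The environment used here is .NET Framework 4.5, MVC 5 and IIS 10, and the steps were tested and work.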

Removing X-AspNetMvc-Version
  Add the following code to Global.asax.cs:
protected void Application_Start()
{
    // Hide the ASP.NET MVC version header (X-AspNetMvc-Version) from the browser
    MvcHandler.DisableMvcResponseHeader = true;

    AreaRegistration.RegisterAllAreas();
    GlobalConfiguration.Configure(WebApiConfig.Register);
    FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
    RouteConfig.RegisterRoutes(RouteTable.Routes);
    BundleConfig.RegisterBundles(BundleTable.Bundles);
}
  The result is as follows:
Cache-Control:private, s-maxage=0
Content-Encoding:gzip
Content-Length:1184
Content-Type:text/html; charset=utf-8
Date:Sun, 08 Oct 2017 05:03:57 GMT
Server:Microsoft-IIS/10.0
Vary:Accept-Encoding
X-AspNet-Version:4.0.30319
X-Powered-By:ASP.NET
X-SourceFiles:=?UTF-8?B?RTpcV29ya1xUaWFuTG9uZ1xMUS5NVkNBZG1pblxNYW5hZ2VyXEVxdWlwbWVudHM=?=


Removing X-AspNet-Version
  Add the following to the config file:
<system.web>
  <compilation debug="true" targetFramework="4.5" />
  <httpRuntime targetFramework="4.5" enableVersionHeader="false"/>
</system.web>
  The result is as follows:
Cache-Control:private, s-maxage=0
Content-Encoding:gzip
Content-Length:1184
Content-Type:text/html; charset=utf-8
Date:Sun, 08 Oct 2017 03:46:23 GMT
Vary:Accept-Encoding
Server:Microsoft-IIS/10.0
X-Powered-By:ASP.NET
X-SourceFiles:=?UTF-8?B?RTpcV29ya1xUaWFuTG9uZ1xMUS5NVkNBZG1pblxNYW5hZ2VyXEVxdWlwbWVudHM=?=

Removing Server
  The Server header can be either removed or changed, and the same code can also remove the two headers above. Add the following code to Global.asax.cs:
protected void Application_PreSendRequestHeaders(object sender, EventArgs e)
{
    HttpApplication app = sender as HttpApplication;
    if (app != null && app.Context != null)
    {
        // Remove Server
        app.Context.Response.Headers.Remove("Server");

        // Change the value of Server
        //app.Context.Response.Headers.Set("Server", "MyPreciousServer");

        // Remove X-AspNet-Version; same effect as above
        app.Context.Response.Headers.Remove("X-AspNet-Version");

        // Remove X-AspNetMvc-Version; same effect as above
        app.Context.Response.Headers.Remove("X-AspNetMvc-Version");
    }
}
  The result is as follows:
Cache-Control:private, s-maxage=0
Content-Encoding:gzip
Content-Length:1184
Content-Type:text/html; charset=utf-8
Date:Sun, 08 Oct 2017 05:25:00 GMT
Vary:Accept-Encoding
X-Powered-By:ASP.NET
X-SourceFiles:=?UTF-8?B?RTpcV29ya1xUaWFuTG9uZ1xMUS5NVkNBZG1pblxNYW5hZ2VyXEVxdWlwbWVudHM=?=

Removing X-Powered-By
  Add the following configuration to web.config:
<system.webServer>
  <httpProtocol>
    <customHeaders>
      <remove name="X-Powered-By" />
    </customHeaders>
  </httpProtocol>
</system.webServer>
  After removal, the result is as follows:
Cache-Control:private, s-maxage=0
Content-Encoding:gzip
Content-Length:1184
Content-Type:text/html; charset=utf-8
Date:Sun, 08 Oct 2017 05:29:05 GMT
Vary:Accept-Encoding
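
Added example (not part of the original post): a small Python check that reports which of the server-identifying headers discussed above are still present in a response, so each step can be verified after deployment. The sample captures are abridged from the post's first and last header listings; the function names and the `fetch_headers` helper are assumptions of this example.

```python
import urllib.error
import urllib.request

# Headers the post removes, plus X-SourceFiles, which appears in its captures.
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version",
                      "x-aspnetmvc-version", "x-sourcefiles")

# Sample input abridged from the post's first and last captures.
BEFORE = """Cache-Control:private, s-maxage=0
Date:Sun, 08 Oct 2017 05:01:37 GMT
Server:Microsoft-IIS/10.0
X-AspNet-Version:4.0.30319
X-AspNetMvc-Version:5.2
X-Powered-By:ASP.NET"""
AFTER = """Cache-Control:private, s-maxage=0
Date:Sun, 08 Oct 2017 05:29:05 GMT
Vary:Accept-Encoding"""


def parse_headers(raw):
    """Parse 'Name:value' lines, as copied from browser dev tools, into a dict."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            headers[name.strip().lower()] = value.strip()
    return headers


def audit(headers):
    """Return {name: value} for each server-identifying header still present."""
    lowered = {k.lower(): v for k, v in headers.items()}
    return {h: lowered[h] for h in DISCLOSURE_HEADERS if h in lowered}


def fetch_headers(url, timeout=5):
    """Fetch live headers; 4xx/5xx responses are returned too, since error
    pages can be produced by a different layer than the MVC handler."""
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return dict(resp.headers.items())
    except urllib.error.HTTPError as err:
        return dict(err.headers.items())


if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        leaks = audit(parse_headers(raw))
        print(label, "->", leaks or "no server-identifying headers")
```

Against a deployed site, pass the result of `fetch_headers` to `audit` for a normal page, a static file and a non-existent path, because each may be served by a different part of the pipeline.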