加拿大华人论坛 美国华人新闻Remove the X
在加拿大
by Mads Kristensen 18. June 2007I’ve always been a little annoyed by the fact that ASP.NET websites sends the version number as a HTTP header. For an ASP.NET 2.0 application this is added automatically to the headers and you cannot remove it from code. This is what it looks like:X-AspNet-Version => 2.0.50727Why would it be necessary to send this information about your application to possible hackers? It doesn’t make sense. Maybe it’s because it allows for statistics to be collected about what versions people are using. Microsoft could then send a crawler to investigate all the websites in the Windows Live search database. I don’t have a problem with that; it’s the hackers I fear.The other auto-injected header X-Powered-By => ASP.NET is fine with me. It’s easy for people to see by the .aspx extension that you run ASP.NET anyway, so this is not a security issue but still a little annoying that you cannot remove it from within your ASP.NET application. You have to remove it from the IIS.Then the other day I was playing around with the web.config and by accident noticed the httpRuntime tag and its enableVersionHeader attribute. For some reason I’ve never noticed it before. If the enableVersionHeader attribute is set to false, the X-AspNet-Version header will not be sent.So, to get rid of the X-AspNet-Version HTTP header from the response, just copy this line into the web.config’s <system.web> section:<httpRuntime enableVersionHeader="false" />I think if it was such a big deal to get rid of it, I’d probably done some more research and found this trick years ago. Anyway, I just thought I would share it with you.
·加拿大新闻 全新奥迪A6L3.0T:2026年上市,外观变化太大?
·加拿大新闻 发现了吗?房贷才是检验牛马的唯一标准
·加拿大新闻 [评论] 保守党频出状况博励治领导地位岌岌可危
·加拿大新闻 幕后牵线曝光!万锦自由党议员出手,促成马荣铮跳槽
·加拿大新闻 加拿大大部分地区将迎“白色圣诞”安省魁省概率最高
·生活百科 这算不算车道?
·中文新闻 悉尼女子与兄弟争夺继承权后挪用100万澳元
