加拿大华人论坛 美国华人新闻Remove the X
在加拿大
by Mads Kristensen 18. June 2007I’ve always been a little annoyed by the fact that ASP.NET websites sends the version number as a HTTP header. For an ASP.NET 2.0 application this is added automatically to the headers and you cannot remove it from code. This is what it looks like:X-AspNet-Version => 2.0.50727Why would it be necessary to send this information about your application to possible hackers? It doesn’t make sense. Maybe it’s because it allows for statistics to be collected about what versions people are using. Microsoft could then send a crawler to investigate all the websites in the Windows Live search database. I don’t have a problem with that; it’s the hackers I fear.The other auto-injected header X-Powered-By => ASP.NET is fine with me. It’s easy for people to see by the .aspx extension that you run ASP.NET anyway, so this is not a security issue but still a little annoying that you cannot remove it from within your ASP.NET application. You have to remove it from the IIS.Then the other day I was playing around with the web.config and by accident noticed the httpRuntime tag and its enableVersionHeader attribute. For some reason I’ve never noticed it before. If the enableVersionHeader attribute is set to false, the X-AspNet-Version header will not be sent.So, to get rid of the X-AspNet-Version HTTP header from the response, just copy this line into the web.config’s <system.web> section:<httpRuntime enableVersionHeader="false" />I think if it was such a big deal to get rid of it, I’d probably done some more research and found this trick years ago. Anyway, I just thought I would share it with you.
·加拿大新闻 马斯克三大战略回应特斯拉未来疑问
·加拿大新闻 保时捷W18:18缸怪兽,优点与缺点一览
·加拿大新闻 炸锅!纯中文广告再次现身加拿大!华人无语:当年列治文的伤
·加拿大新闻 2025款马自达EZ
·加拿大新闻 最新民调:邹至蕙支持率崩盘!多伦多人要求换新市长
·中文新闻 凯蒂·辛德:随着爱泼斯坦的爆料不断升级,菲姬被独立电视台
·中文新闻 肖恩·宾妻子隐藏的健康之战:演员的第五任妻子、40 岁的“战
