加拿大华人论坛 美国华人新闻Remove the X
在加拿大
by Mads Kristensen 18. June 2007I’ve always been a little annoyed by the fact that ASP.NET websites sends the version number as a HTTP header. For an ASP.NET 2.0 application this is added automatically to the headers and you cannot remove it from code. This is what it looks like:X-AspNet-Version => 2.0.50727Why would it be necessary to send this information about your application to possible hackers? It doesn’t make sense. Maybe it’s because it allows for statistics to be collected about what versions people are using. Microsoft could then send a crawler to investigate all the websites in the Windows Live search database. I don’t have a problem with that; it’s the hackers I fear.The other auto-injected header X-Powered-By => ASP.NET is fine with me. It’s easy for people to see by the .aspx extension that you run ASP.NET anyway, so this is not a security issue but still a little annoying that you cannot remove it from within your ASP.NET application. You have to remove it from the IIS.Then the other day I was playing around with the web.config and by accident noticed the httpRuntime tag and its enableVersionHeader attribute. For some reason I’ve never noticed it before. If the enableVersionHeader attribute is set to false, the X-AspNet-Version header will not be sent.So, to get rid of the X-AspNet-Version HTTP header from the response, just copy this line into the web.config’s <system.web> section:<httpRuntime enableVersionHeader="false" />I think if it was such a big deal to get rid of it, I’d probably done some more research and found this trick years ago. Anyway, I just thought I would share it with you.
·加拿大新闻 慕尼黑,长安新航标
·加拿大新闻 顶尖!多伦多病童医院荣登全球儿科第一!这些医院专科非常领
·加拿大新闻 “免费检查”骗局!士嘉堡男子花掉4万加元做了不必要屋顶维修
·加拿大新闻 欧拉首款纯电SUV亮相,或命名“欧拉5”
·加拿大新闻 新款911 Turbo S发布,这个价格还是没认清定位
·新西兰新闻 中餐厨师小时薪低至11纽币 华人老板被判支付4万欠薪
·新西兰新闻 降雪、雷暴、强风来袭!南岛交通即将迎来严峻考验
