默认情况下,每一个MVC请求的HTTP Header中都会包含着当前服务器的一些信息,出于安全还是性能还是处女座的强迫症等等,都想把这些信息移除掉,增加一些应用程序的神秘感,如下,默认情况下Chrome中截获的HTTP Header信息:
Cache-Control:private, s-maxage=0Content-Encoding:gzipContent-Length:1184Content-Type:text/html; charset=utf-8Date:Sun, 08 Oct 2017 05:01:37 GMTServer:Microsoft-IIS/10.0Vary:Accept-EncodingX-AspNet-Version:4.0.30319X-AspNetMvc-Version:5.2X-Powered-By:ASP.NETX-SourceFiles:=?UTF-8?B?RTpcV29ya1xUaWFuTG9uZ1xMUS5NVkNBZG1pblxNYW5hZ2VyXEVxdWlwbWVudHM=?=
接下来,一步一步的移除其中的一些信息,本文环境为.NET Framework 4.5、MVC 5、IIS 10,测试有效。
移除X-AspNetMvc-Version
在Global.asax.cs中添加如下代码:
protected void Application_Start() ???????{ ???????????//屏蔽浏览器中的ASP.NET版本 ???????????MvcHandler.DisableMvcResponseHeader = true; ???????????AreaRegistration.RegisterAllAreas(); ???????????GlobalConfiguration.Configure(WebApiConfig.Register); ???????????FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters); ???????????RouteConfig.RegisterRoutes(RouteTable.Routes); ???????????BundleConfig.RegisterBundles(BundleTable.Bundles); ???????}效果如下:
Cache-Control:private, s-maxage=0Content-Encoding:gzipContent-Length:1184Content-Type:text/html; charset=utf-8Date:Sun, 08 Oct 2017 05:03:57 GMTServer:Microsoft-IIS/10.0Vary:Accept-EncodingX-AspNet-Version:4.0.30319X-Powered-By:ASP.NETX-SourceFiles:=?UTF-8?B?RTpcV29ya1xUaWFuTG9uZ1xMUS5NVkNBZG1pblxNYW5hZ2VyXEVxdWlwbWVudHM=?=
移除X-AspNet-Version
在config中添加如下代码:
<system.web> ???<compilation debug="true" targetFramework="4.5" /> ???<httpRuntime targetFramework="4.5" enableVersionHeader="false"/> ?</system.web>
效果如下:
Cache-Control:private, s-maxage=0Content-Encoding:gzipContent-Length:1184Content-Type:text/html; charset=utf-8Date:Sun, 08 Oct 2017 03:46:23 GMT
Vary:Accept-EncodingServer:Microsoft-IIS/10.0X-Powered-By:ASP.NETX-SourceFiles:=?UTF-8?B?RTpcV29ya1xUaWFuTG9uZ1xMUS5NVkNBZG1pblxNYW5hZ2VyXEVxdWlwbWVudHM=?=
移除Server
既可以移除同时也可以修改Server信息,也可以实现上面两个信息的移除,在Global.asax.cs文件中添加如下代码
protected void Application_PreSendRequestHeaders(object sender, EventArgs e) ???????{ ???????????HttpApplication app = sender as HttpApplication; ???????????if (app != null && app.Context != null) ???????????{ ???????????????//移除Server ???????????????app.Context.Response.Headers.Remove("Server"); ???????????????//修改Server的值 ?????????????????//app.Context.Response.Headers.Set("Server", "MyPreciousServer"); ???????????????//移除X-AspNet-Version,和上面效果一样 ?????????????????app.Context.Response.Headers.Remove("X-AspNet-Version"); ???????????????//移除X-AspNetMvc-Version,和上面效果一样 ?????????????????app.Context.Response.Headers.Remove("X-AspNetMvc-Version"); ???????????} ???????}效果如下:
Cache-Control:private, s-maxage=0Content-Encoding:gzipContent-Length:1184Content-Type:text/html; charset=utf-8Date:Sun, 08 Oct 2017 05:25:00 GMTVary:Accept-EncodingX-Powered-By:ASP.NETX-SourceFiles:=?UTF-8?B?RTpcV29ya1xUaWFuTG9uZ1xMUS5NVkNBZG1pblxNYW5hZ2VyXEVxdWlwbWVudHM=?=
移除X-Powered-By
在webconfig中添加配置项:
<system.webServer> ???<httpProtocol> ?????<customHeaders> ???????<remove name="X-Powered-By" /> ?????</customHeaders> ???</httpProtocol> ?</system.webServer>
移除效果如下:
Cache-Control:private, s-maxage=0Content-Encoding:gzipContent-Length:1184Content-Type:text/html; charset=utf-8Date:Sun, 08 Oct 2017 05:29:05 GMTVary:Accept-Encoding
MVC页面移除HTTP Header中服务器信息
原文地址:http://www.cnblogs.com/buyixiaohan/p/7637155.html