c# - How to remove x-powered-by header in .net core 2.0

Question

Welcome To Ask or Share your Answers For Others

c# - How to remove x-powered-by header in .net core 2.0

posted Oct 24, 2021 in Technique[技术] by 深蓝 (71.8m points)

c# - How to remove x-powered-by header in .net core 2.0

I tried to use this middleware:

public class SecurityHeadersMiddleware
{
    private readonly RequestDelegate next;

    public SecurityHeadersMiddleware(RequestDelegate next)
    {
        this.next = next;
    }

    public async Task Invoke(HttpContext context)
    {
        context.Response.OnStarting(state =>
        {
            var ctx = (HttpContext)state;

            if (!ctx.Response.Headers.ContainsKey("Arr-Disable-Session-Affinity"))
            {
                ctx.Response.Headers.Add("Arr-Disable-Session-Affinity", "True"); // Disables the Azure ARRAffinity cookie
            }

            if (ctx.Response.Headers.ContainsKey("Server"))
            {
                ctx.Response.Headers.Remove("Server"); // For security reasons
            }

            if (ctx.Response.Headers.ContainsKey("x-powered-by") || ctx.Response.Headers.ContainsKey("X-Powered-By"))
            {
                ctx.Response.Headers.Remove("x-powered-by");
                ctx.Response.Headers.Remove("X-Powered-By");
            }

            if (!ctx.Response.Headers.ContainsKey("X-Frame-Options"))
            {
                ctx.Response.Headers.Add("X-Frame-Options", "DENY");
            }

            return Task.FromResult(0);
        }, context);

        await next(context);
    }
}

x-powered-by is still there in response header which says asp.net

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Reply

深蓝 · Answer 1 · 2021-10-23T18:58:44+0000

As far as I know, the removal of these headers is facilitated with the Request Filtering module, which is part of IIS.

To remove a header, you need to have a web.config file stored on your site, with the following content:

<?xml version="1.0" encoding="utf-8"?>
<configuration>

  <!-- To customize the asp.net core module uncomment and edit the following section. 
  For more info see https://go.microsoft.com/fwlink/?linkid=838655 -->

  <system.webServer>
    <handlers>
      <remove name="aspNetCore"/>
      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified"/>
    </handlers>
    <aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".logsstdout" />
    <httpProtocol>
      <customHeaders>
        <remove name="X-Powered-By" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>


</configuration>

Add this web.config to your net core application's root folder.

Then it will remove the x-powered-by header.

The result like this:

Categories

c# - How to remove x-powered-by header in .net core 2.0

c# - How to remove x-powered-by header in .net core 2.0

Please log in or register to add a comment.

Please log in or register to reply this article.

1 Reply

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags