在Azure网站预览中删除服务器和X-Powered by HTTP标头 [英] Removing Server and X-Powered-By HTTP Headers on Azure Web Site Preview
问题描述
为了安全起见,我想删除所有HTTP标头,这些标头显示有关我的应用程序正在运行的OS,Web Server或Framework的详细信息.使用SO和其他地方的文章,我能够将所有内容从IIS Express本地显示中删除.不幸的是,当我发布到Azure网站预览时,仍然保留了三个标题:
For security I want to remove any HTTP headers that reveals details about the OS, Web Server or Framework that my application is running. I was able to remove all from displaying locally with IIS Express using the articles found on SO and elsewhere. Unfortunately when I published to my Azure Web Site preview, three headers remained:
- 服务器:Microsoft-IIS/7.5
- X-Powered-By:ARR/2.5
- X-Powered-By:ASP.NET
我找到的文章是针对Azure Web角色而不是网站预览的,例如
The articles I'm finding are for Azure Web Roles instead of Web Site Preview, such as this one.
有人知道如何从网站预览"中删除吗?
Does anyone know how to remove from Web Site Preview?
推荐答案
Windows Azure网站是共享的基础结构,您无权像在Web角色中那样配置IIS.正如您正确指出的那样,您可以删除以下标头:
Windows Azure Websites are shared infrastructure and you do not have access to configure IIS as you do in a Web Role. As you have correctly pointed out you could remove these headers:
- X-AspNet版本
- X-AspNetMvc版本
- X-AspNet-Version
- X-AspNetMvc-Version
但剩下以下内容:
- 服务器:Microsoft-IIS/7.5
- X-Powered-By:ARR/2.5
- X-Powered-By:ASP.NET
- Server: Microsoft-IIS/7.5
- X-Powered-By: ARR/2.5
- X-Powered-By: ASP.NET
即使您实施了所有必要的步骤来禁止显示这些标头,您也可以从我的博客
Even if you implement all the necessary steps to suppress these headers you will see from my blog post that illegal requests will be handled by HTTP.SYS at the kernel level which will return the Microsoft-HTTPAPI/2.0 header. You need to edit the registry to remove this header.
结论是,如果要最终控制IIS和HTTP.SYS,则需要将网站托管在非共享的基础结构中.因此,您的选择是Windows Azure云服务中的Web角色.
The conclusion is that if you want ultimate control of IIS and HTTP.SYS you will need to host your website in a non-shared infrastructure. So your option is a Web Role in a Windows Azure Cloud Service.
这篇关于在Azure网站预览中删除服务器和X-Powered by HTTP标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
