从WCF中的HTTP响应中删除服务器 [英] Remove Server from HTTP Response in WCF

问题描述

我有一个需要保护的在IIS 7.5上运行的Internet公开WCF服务. 我想在HTTP响应中删除服务器"标头.

I have an internet exposed WCF service running on IIS 7.5 that I need to secure. I would like to remove the "Server" header in the HTTP response.

我已经用以下代码实现了一个IDispatchMessageInspector.

I've implemented an IDispatchMessageInspector with code as follows.

public void BeforeSendReply(ref Message reply, object correlationState)
{
    var context = WebOperationContext.Current;
    if (context != null)
    {
        context.OutgoingResponse.Headers.Remove(
            HttpResponseHeader.Server);
    }
}

但是，服务器头仍然在响应中. 在调试时，我可以看到OutgoingResponse.Headers不包含HttpResonseHead.Server，并且如果我编写自己的值，则很明显，IIS管道中的某些行进一步覆盖了该值.

However, the Server header is still in the response. On debugging I can see that the OutgoingResponse.Headers does not include HttpResonseHead.Server, and if I write my own value it is clearly being overriten by something further down the line in the IIS pipeline.

编辑1

尝试以下方法，也没有好处

Tried the following, no good either

public class SecureServerHeaderModule : IHttpModule
{
    #region Implementation of IHttpModule

    public void Init(HttpApplication context)
    {
        context.PreSendRequestHeaders += OnPreSendRequestHeaders;
    }

    public void Dispose() { }

    #endregion

    private static void OnPreSendRequestHeaders(object sender, EventArgs e)
    {
        var context = HttpContext.Current;
        if (context != null)
        {
            context.Response.Headers.Remove("Server");                
        }
    }
}

<system.web>
  <httpModules>
    <add "snip" />
  </httpModlules>
</system.web>
<system.webServer>
  <modules>
    <add "snip" />
  </modlules>
</system.webServer>

编辑2

也没有用.

public void BeforeSendReply(ref Message reply, object correlationState)
{
    var context = OperationContext.Current;
    if (context != null)
    {
        context.OutgoingMessageProperties.Remove(
            HttpResponseHeader.Server.ToString());
        context.OutgoingMessageProperties.Add(
            HttpResponseHeader.CacheControl.ToString(), "no-store");
    }
}

推荐答案

此方法使用IDispatchMessageInspector

public class SecureBehaviour : IDispatchMessageInspector
{
    public object AfterReceiveRequest(ref Message request,
        IClientChannel channel, InstanceContext instanceContext)
    {
        return null;
    }

    public void BeforeSendReply(ref Message reply, object correlationState)
    {

        var httpCtx = HttpContext.Current;
        if (httpCtx != null)
        {
            httpCtx.Response.Headers.Remove(
                HttpResponseHeader.Server.ToString());
        }
    }
}

这篇关于从WCF中的HTTP响应中删除服务器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！