从WCF中的HTTP响应中删除服务器 [英] Remove Server from HTTP Response in WCF
问题描述
我有一个需要保护的在IIS 7.5上运行的Internet公开WCF服务. 我想在HTTP响应中删除服务器"标头.
I have an internet exposed WCF service running on IIS 7.5 that I need to secure. I would like to remove the "Server" header in the HTTP response.
我已经用以下代码实现了一个IDispatchMessageInspector.
I've implemented an IDispatchMessageInspector with code as follows.
public void BeforeSendReply(ref Message reply, object correlationState)
{
var context = WebOperationContext.Current;
if (context != null)
{
context.OutgoingResponse.Headers.Remove(
HttpResponseHeader.Server);
}
}
但是,服务器头仍然在响应中.
在调试时,我可以看到OutgoingResponse.Headers
不包含HttpResonseHead.Server
,并且如果我编写自己的值,则很明显,IIS管道中的某些行进一步覆盖了该值.
However, the Server header is still in the response.
On debugging I can see that the OutgoingResponse.Headers
does not include HttpResonseHead.Server
, and if I write my own value it is clearly being overriten by something further down the line in the IIS pipeline.
编辑1
尝试以下方法,也没有好处
Tried the following, no good either
public class SecureServerHeaderModule : IHttpModule
{
#region Implementation of IHttpModule
public void Init(HttpApplication context)
{
context.PreSendRequestHeaders += OnPreSendRequestHeaders;
}
public void Dispose() { }
#endregion
private static void OnPreSendRequestHeaders(object sender, EventArgs e)
{
var context = HttpContext.Current;
if (context != null)
{
context.Response.Headers.Remove("Server");
}
}
}
<system.web>
<httpModules>
<add "snip" />
</httpModlules>
</system.web>
<system.webServer>
<modules>
<add "snip" />
</modlules>
</system.webServer>
编辑2
也没有用.
public void BeforeSendReply(ref Message reply, object correlationState)
{
var context = OperationContext.Current;
if (context != null)
{
context.OutgoingMessageProperties.Remove(
HttpResponseHeader.Server.ToString());
context.OutgoingMessageProperties.Add(
HttpResponseHeader.CacheControl.ToString(), "no-store");
}
}
推荐答案
此方法使用IDispatchMessageInspector
public class SecureBehaviour : IDispatchMessageInspector
{
public object AfterReceiveRequest(ref Message request,
IClientChannel channel, InstanceContext instanceContext)
{
return null;
}
public void BeforeSendReply(ref Message reply, object correlationState)
{
var httpCtx = HttpContext.Current;
if (httpCtx != null)
{
httpCtx.Response.Headers.Remove(
HttpResponseHeader.Server.ToString());
}
}
}
这篇关于从WCF中的HTTP响应中删除服务器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!