Reputation: 47
How to remove "Microsoft-HTTPAPI/2.0" from http response header on App Service Web App
I have created two asp.net + MVC applications and deployed one to Azure App Service web app and other into an app service web application created in a ASE (Application Service Environment).
When providing special characters in the URL the response header consists of "Microsoft-HTTPAPI/2.0". I have done the below changes in the application but the issue still persists.
<security>
<requestFiltering removeServerHeader="true"/>
</security>
protected void Application_PreSendRequestHeaders(Object source, EventArgs e)
{
HttpContext.Current.Response.Headers.Remove("Server");
}
Upvotes: 2
Views: 8012
Answers (2)
Reputation: 849
I'm using Windows Server 2016 with IIS 10.0 and I got it working by running powershell(as admin) and did the following:
PS > cd IIS:\
PS > Set-WebConfigurationProperty -filter "system.webServer/security/requestFiltering" -name "removeServerHeader" -value "True"
Combined with this in the web.config:
<security>
<requestFiltering removeServerHeader="true" />
</security>
As a reference, I red this blog post.
However, when I edit the web.config for any reason, I must rerun the script in order to remove the server header again... Or it seems to be there for a short time after updating the web.config...
Hope this help!
Upvotes: 0
Reputation: 8491
To remove the default header. You could create a http module to do it. Code below is for your reference.
public class RemoveDefaultHeaderModule : IHttpModule
{
public void Dispose()
{
}
public void Init(HttpApplication context)
{
context.PreSendRequestHeaders += Context_PreSendRequestHeaders;
}
private void Context_PreSendRequestHeaders(object sender, EventArgs e)
{
//Remove the header you wanted
(sender as HttpApplication).Response.Headers.Remove("Server");
(sender as HttpApplication).Response.Headers.Remove("X-AspNet-Version");
}
}
You also need to register this module in web.config. Don't forget to set runAllManagedModulesForAllRequests property to true which will make this module works for static resources.
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<add name="RemoveDefaultHeaderModule" type="TestServerHeader.RemoveDefaultHeaderModule" />
</modules>
</system.webServer>
Upvotes: 1
Related Questions
- Azure WebApp remove 'Server' header for bad requests
- How to remove server info header from web api core 3.1 response which is hosted as azure web app?
- How to remove Server Header Azure App Service when requesting with Connect HTTP method
- How can I remove excessive response header information from Azure Web-Apps?
- How to hide Server parameter in response header of Azure app Service?
- How can I control the HTTP response headers added to my ASP.NET core web application when hosted in Azure app service?
- Change ASP.NET Version of Azure app service
- Response Header issue on Azure Web Application
- Remove Server:HTTPAPI/2.0 header on invalid request
- Azure API Apps removing standard server headers