remove server info from response header

  • Question

  • User-590375999 posted

    Hi,

    I want to remove the server info (Server: Microsoft-IIS/8.5) from the response header. I added the following rule to remove the server name and version info from the response header:

    <rewrite>
      <outboundRules rewriteBeforeCache="true">
        <rule name="Remove Server header">
          <match serverVariable="RESPONSE_Server" pattern=".+" />
          <action type="Rewrite" value="" />
        </rule>
      </outboundRules>
    </rewrite>

    This rule does remove the information with the web service call, but it does not remove the info with static files like logo.gif and header.jpg.

    I have added <modules runAllManagedModulesForAllRequests="true"> in the web.config file, but the server still returns the server info with the static files.

    <modules runAllManagedModulesForAllRequests="true" />

    Wednesday, November 14, 2018 3:11 AM

Answers

  • User-893317190 posted

    Hi sivapooja,

    <modules runAllManagedModulesForAllRequests="true" /> means all requests will be dealt with by the httpModule, including static resources.

    If you set it to true, but you don't have an httpModule to deal with the request, it will not work.

    So, you should add a customized httpModule to deal with the request, and in the module you could remove the server header.

    Below is my code. type is the name of your httpModule with its namespace.

    <system.webServer>
      <modules runAllManagedModulesForAllRequests="true">
        <add name="myModule" type="MyWebFormCases.Services.MyModule" />
      </modules>
    </system.webServer>

    And my httpModule:

    using System;
    using System.Web;

    namespace MyWebFormCases.Services
    {
        public class MyModule : IHttpModule
        {
            public void Init(HttpApplication context)
            {
                // Strip the Server header at the end of every request.
                context.EndRequest += MyOnEndRequest;
            }

            public void MyOnEndRequest(Object source, EventArgs e)
            {
                HttpContext.Current.Response.Headers.Remove("Server");
            }

            public void Dispose() { }
        }
    }

    After that, it will deal with all the requests and all the server headers will be removed.

    Below is my request for an image and its response has no server header.

    Best regards,

    Ackerly Xu

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, November 15, 2018 3:16 AM

All replies

  • User-590375999 posted

    hi,

    After I cleared the cache, all on now; the static files were picked from the cache, that's why the server info was present.

    Now the issue is that the server returns Server info in the response header for 500 and 404 responses. How do I remove the server info from the 500 and 404 response headers?

    Thursday, November 15, 2018 4:18 AM
  • User-893317190 posted

    Hi sivapooja,

    In my case, after I added my module, even in 404 and 500 there is no server header.

    How do you write your code? I couldn't reproduce your problem.

    Best regards,

    Ackerly Xu

    Thursday, November 15, 2018 5:13 AM
  • User-590375999 posted

    Hi, 

    The 404 response still returns the server name:

    Request URL: https://mysite/a
    Request Method: GET
    Status Code: 404 Not Found
    Remote Address: xxx.xxx.xx.xxx:xxx
    Referrer Policy: no-referrer-when-downgrade
    Cache-Control: private
    Content-Length: 1899
    Content-Type: text/html; charset=utf-8
    Date: Thu, 15 Nov 2018 05:36:46 GMT
    Server: Microsoft-IIS/8.5
    X-Frame-Options: SAMEORIGIN

    Thursday, November 15, 2018 5:39 AM
  • User-893317190 posted

    Hi sivapooja,

    You could try

    public void Init(HttpApplication context)
    {
        // Hook PreSendRequestHeaders instead of EndRequest.
        context.PreSendRequestHeaders += MyOnEndRequest;
    }

    public void MyOnEndRequest(Object source, EventArgs e)
    {
        HttpContext.Current.Response.Headers.Remove("Server");
    }

    If it still doesn't work, could you please show your related code?

    Best regards,

    Ackerly Xu

    Thursday, November 15, 2018 7:07 AM
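
A way to verify the result across the response classes this thread covers (dynamic, cached static file, 404, 500), added here as an example and not code from either poster. The captured responses are constructed samples, and the header names other than `Server` are assumptions about what else a site may want to check.

```python
# Added example: audit captured response heads for banner headers.
import re

# Only "Server" comes from the thread; the other names are assumed extras.
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version")

def parse_response(raw):
    """Return (status_code, {lowercased header name: value}) for one raw response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", lines[0])
    if not m:
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(m.group(1)), headers

def audit(captures):
    """Map each capture label to the banner headers its response still sends."""
    findings = {}
    for label, raw in captures.items():
        status, headers = parse_response(raw)
        # A header rewritten to an empty value discloses nothing, so skip it.
        leaked = {h: headers[h] for h in BANNER_HEADERS if headers.get(h)}
        if leaked:
            findings[label] = (status, leaked)
    return findings

# Constructed captures: one per response class discussed in the thread.
SAMPLES = {
    "dynamic 200": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>",
    "static 200 (cached)": "HTTP/1.1 200 OK\r\nContent-Type: image/gif\r\n"
                           "SERVER: Microsoft-IIS/8.5\r\n\r\n",
    "404": "HTTP/1.1 404 Not Found\r\nCache-Control: private\r\n"
           "Server: Microsoft-IIS/8.5\r\n\r\n",
    "500": "HTTP/1.1 500 Internal Server Error\r\nServer:\r\n\r\n",
}

if __name__ == "__main__":
    for label, (status, leaked) in audit(SAMPLES).items():
        print(label, status, leaked)
```

Feeding it captures taken after clearing caches, and including error paths as well as normal pages, covers both failure modes reported above.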