locked
How to remove a host from request header RRS feed

  • Question

  • User-2137104452 posted

    I want to remove my host  from request header i tried using this code:

    protected void Application_PreSendRequestHeaders(object sender, EventArgs e)
    {

    var app = sender as HttpApplication;
    var uriObject = app.Context.Request.Url;
    HttpRequestMessage msg = new HttpRequestMessage(HttpMethod.Post, uriObject);
    msg.Headers.Clear();
    msg.Headers.Remove("Host");
    }
    when i checked in the browser the host is still displayed in the request header .i also checked using fiddler

    if anyone have any idea about how to remove the host from request header help me.

    Friday, June 14, 2019 10:16 AM

All replies

  • User753101303 posted

    Hi,

    For now you are just changing a new HTTP request message. Your intent is unclear. It seems you are trying to remove that from the request you receive ??? AFAIK this is just part of the http specification so that the web server knows which site should process the request.

    Could it be a confusion with for example the Server header sent in the response ?

    Edit: for example https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Host, could you explain what you are really trying to do ? You had security advices you are trying to apply ???

    Friday, June 14, 2019 11:57 AM
  • User1992938117 posted

    Mostly we use to remove Headers for response, due to security concerns,

    Try below if works:

     protected void Application_PreSendRequestHeaders(object sender, EventArgs e)
            {
                HttpContext.Current?.Request.Headers.Remove("Host");
            }

    We use to remove "Server" from response as below code:

     protected void Application_PreSendRequestHeaders(object sender, EventArgs e)
            {
                HttpContext.Current?.Response.Headers.Remove("Server");
            }

    Friday, June 14, 2019 12:45 PM
  • User-474980206 posted

    what you are doing makes no sense. the host header is where you specify the domain name of the url you are requesting and is required for http 1.1+.  web servers use the host header to determine the application. but if you want to remove it, you must use the old http 1.0 protocol (see the Version property). 

    Friday, June 14, 2019 3:19 PM