Is it possible to remove information from Server E

2019-05-14 12:25发布

站内问答 / C#
1595 3 6

In order to better hide information from users, I'm trying to remove the Version information section from the standard ASP.NET error screen.

Custom errors are on, but, under certain circumstances, if you manage to get an error outside of your control (server issues perhaps?) then you can get through to the YSOD. I've tried changing the web.config to include the httpruntime setting where you can set enableVersionHeader to false but the version information still comes through.

Also, in the Application_PreSendRequestHeaders method, I've tried to remove "X-AspNet-Version" from the response headers but that header doesn't exist due to the web.config setting.

Is what I want even possible within this context or will that information always exist?

3条回答
爷的心禁止访问
2楼-- · 2019-05-14 12:37

The problem could be that IIS is rendering the error page instead of ASP.NET. Try changing the system.webServer section of your web.config like this:

<system.webServer>
  <httpErrors errorMode="Custom" existingResponse="Replace">
    <remove statusCode="500" subStatusCode="-1" />
    <error statusCode="500" subStatusCode="-1" responseMode="ExecuteURL" path="/500.aspx" />
  </httpErrors>
</system.webServer>

Also, check you IIS settings, that's probably where the X-AspNet-Version header is being set.

查看更多
0人赞 添加讨论(0) 举报
劫难
3楼-- · 2019-05-14 12:44

In IIS this problem can be resolve changing "HTTP Response Headers" configuration

To remove X-AspNet-Version, in the web.config find/create <system.web> and add:

  <system.web>
    <httpRuntime enableVersionHeader="false" />

    ...

To remove X-AspNetMvc-Version, go to Global.asax, find/create the Application_Start event and add a line as follows:

  protected void Application_Start()
  {
      MvcHandler.DisableMvcResponseHeader = true;
  }

To remove X-Powered-By, in the web.config find/create <system.webServer> and add:

  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <remove name="X-Powered-By" />
      </customHeaders>
    </httpProtocol>

    ...
查看更多
0人赞 添加讨论(0) 举报
smile是对你的礼貌
4楼-- · 2019-05-14 12:59

To hide .NET version information from .NET error pages (not generic IIS errors like 403, 404 etc.), use empty element without defaultRedirect attribute:

<configuration>
    <system.web>
        <customErrors mode="RemoteOnly"/>
    </system.web>
</configuration>

Before:

Before

After:

After

To remove X-AspNet-Version HTTP response header, set the enableVersionHeader to False on httpRuntime element:

<configuration>
    <system.web>
        <httpRuntime enableVersionHeader="False"/>
    </system.web>
</configuration>
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)