Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to hide out what technology a program is using?

Tags:

.net

asp.net

web

When I search my problem I find this old question.

How to find out what technology a program is using?.

Its define how to show but not how to hide ? I have several asp.net sites .Some of my sites use CKEditor and others JavaScript Libraries.

when I type my url in :

http://builtwith.com/

its show : Result

Is there any web.config setting or another setting not to show technology or program used by my site.I search a lot but unable to find any thing.Any help would be much appreciated .Thanks.

like image 945
4b0 Avatar asked Apr 06 '15 07:04

4b0

Video Answer

2 Answers

By default ASP.NET shouts about itself a lot. It sends HTTP headers with each response telling the world and dog what version of ASP.NET your site is hosted on and even what version of MVC you are using. Below is an example of the extra headers needlessly being sent with every request:

ASP.NET custom headers

To fix this problem you need to do a few things. The first is to set the enableVersionHeader setting on the httpRuntime section to false.

<!-- enableVersionHeader - Remove the ASP.NET version number from the response headers. Added security through obscurity. -->
<httpRuntime targetFramework="4.5" enableVersionHeader="false" />

Then you need to clear the custom headers as shown below.

<httpProtocol>
  <customHeaders>
    <!-- X-Powered-By - Remove the HTTP header for added security and a slight performance increase. -->
    <clear />
  </customHeaders>
</httpProtocol>

for more read this post: Securing the ASP.NET Web.config

And also there is project in github which called NWebsecand NWebsec lets you configure quite a few security headers, some are useful for most applications while others are a bit more specialized. Here's the project link: Getting started with NWebsec.

like image 148
Mohsen Esmailpour Avatar answered Oct 18 '22 03:10

Mohsen Esmailpour

In addition to obfuscating your scripts, your website may also give away information in the form of http headers and html meta tags. For example one of my sites shows these http response headers:

Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET

These show my site is running iis8.5 and which .net version which is the first information shown on builtwith.com. Most if not all web servers have a way of suppressing these and of course you can control the meta tags.

Also the url can contain clues as well. If you have urls that end in .aspx, .jsp, .php that is a dead giveaway. You can solve this using SEF urls or by using some sort of url rewriter for whatever server technology you are using

like image 37
Bolo Avatar answered Oct 18 '22 01:10

Bolo
Sign in to Comment

Related questions

Change the Google pie Chart percentage text Colour
How to Deserialize JSON
Kendo UI Chart - Click Events
Configuration section encryption is not supported
asp:CheckBox - prevent text from wrapping below checkbox
How to track expired WIF fedauth cookies?
ASP.NET Optimization Framework (JS and CSS minification and Bundling) using CDN and HashContent (Cache Buster or Finger Print)
Setting margins, headers and footers for PDF without overlap
ASP.NET MVC 4 and WYSIWYG Editor Validation
Why HttpContext.Current is Static?
WebApi2 attribute routing inherited controllers
ASP.NET MVC Microsoft Live Account Authentication on Localhost
301 Redirect in ASP.NET web.config including Parameters
ASP.NET Identity 2.0 Signout not working
How to share a property amongst several C# classes
New Google Recaptcha with ASP.Net
How to subscribe to an MVC checkbox change event in JQUERY
Using Eval in aspx only if property exists in item - throws DataBinding exception
SagePay .Net Integration Kit - Error when returning NOTAVAILABLE value for 3dSecureStatus
.Net OWIN WebApiConfig not being called

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!