My app is deployed on azure app service. Response of my server includes the following HTTP headers
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Which i would like permanently exclude from my responses.
The problem is the following. I tried three things
Changes in web.config file
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
<remove name="Server" />
<remove name="Access-Control-Allow-Origin" />
</customHeaders>
</httpProtocol>
<security>
<requestFiltering removeServerHeader="true" />
</security>
</system.webServer>
</configuration>
In my localhost i run my app and make request i do not get aforementioned headers, but when i deploy it on azure i get the headers again.
Change Startup.cs file
app.Use(async (context, next) =>
{
context.Response.Headers.Remove("Server");
context.Response.Headers.Remove("X-Powered-By");
await next();
});
This produce the same result in localhost ok but when deploy get the same headers.
Write middleware
public async Task InvokeAsync(HttpContext context)
{
context.Response.Headers.Remove("Server");
context.Response.Headers.Remove("X-Powered-By");
await _next(context);
}
app.UseMiddleware<HttpMiddleware>();
app.UseAuthentication();
app.UseMiddleware<RequestLoggingMiddleware>();
This is also produce the same result, in localhost ok but when deploy to the azure get the same headers. I am not the azure/cloud expert but maybe there is something that need to be changed on azure?
According to your description, I suggest you could try below way to remove the X-Powered-By: ASP.NET.
If you host the application on linux, you could try to modify the UseKestrel setting in Program.CS:
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup<Startup>();
webBuilder.UseKestrel(option => option.AddServerHeader = false);
});
Result:

If you host the application on windows, you should modify the web.config to remove the header.
Like below:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<!-- To customize the asp.net core module uncomment and edit the following section.
For more info see https://go.microsoft.com/fwlink/?linkid=838655 -->
<system.webServer>
<handlers>
<remove name="aspNetCore"/>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified"/>
</handlers>
<aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" />
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
Result:

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With