Changing headers that IIS/ASP.NET sends. Side-effects?_问答_开发者

Changing headers that IIS/ASP.NET sends. Side-effects?

开发者 https://www.devze.com 2023-01-16 16:29 出处：网络

IIS / ASP.NET sends HTTP headers to identify itself by default. ServerMicrosoft-IIS/7.5 X-AspNetMvc-Version2.0

相关专题：http-headers

IIS / ASP.NET sends HTTP headers to identify itself by default.

Server               Microsoft-IIS/7.5
X-AspNetMvc-Version  2.0
X-AspNet-Version     4.0.30319
X-Powered-By         ASP.NET

Is there any reason not to remove these? Considering the ASP.NET vulnerabilitie开发者_C百科s recently discovered, some people recommend changing the Server header to that of another server, such as Apache, to throw off scanners looking for affected websites. This seems like a good idea. Are there any unwanted side effects that I'm not thinking of?

I agree with Andrew, but for practical purposes yes this is possible (see here) and I am not aware of any negative side-effects - I believe these exist purely for stat-gathering and "advertising" purposes and the ubiquitous "reserved for future use".

In my experience, such tricks are not useful in the least. Spend your time making sure the server is actually secure, rather than wasting time on hacks of essentially no benefit whatsoever. There are plenty of other more reliable ways to know what operating system and web service a server is running.