In my earlier post "Securing ASP.NET Web Applications in IIS" I missed a bit on removing HTTP headers that disclose information.
You should also update your Global.asax to include:
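    protected void Application_Start()
    {
        // …
        // Stop ASP.NET MVC from adding the X-AspNetMvc-Version response header.
        MvcHandler.DisableMvcResponseHeader = true;
    }

    protected void Application_PreSendRequestHeaders()
    {
        // Strip the Server header just before the response headers are sent.
        if (HttpContext.Current != null)
        {
            HttpContext.Current.Response.Headers.Remove("Server");
        }
    }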
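To confirm the change took effect, the following added example (not from the original post) parses a raw HTTP response and reports any stack-disclosing headers still present. The sample responses are constructed, and the `X-AspNet-Version` and `X-Powered-By` entries with their web.config fixes go beyond the two headers the Global.asax code above handles.

```python
import re

# Default IIS / ASP.NET headers that reveal the stack, with the usual fix for each.
DISCLOSURE_HEADERS = {
    "server": "Headers.Remove(\"Server\") in Application_PreSendRequestHeaders",
    "x-aspnetmvc-version": "MvcHandler.DisableMvcResponseHeader = true",
    "x-aspnet-version": "<httpRuntime enableVersionHeader=\"false\" /> in web.config",
    "x-powered-by": "<remove name=\"X-Powered-By\" /> under <customHeaders> in web.config",
}

def parse_headers(raw):
    """Return (name, value) pairs from a raw HTTP response, ignoring the body."""
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]
    pairs = []
    for line in head.splitlines()[1:]:          # index 0 is the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs

def find_disclosures(raw):
    """List the disclosure headers present, matched case-insensitively."""
    findings = []
    for name, value in parse_headers(raw):
        fix = DISCLOSURE_HEADERS.get(name.lower())
        if fix:
            findings.append({
                "header": name,
                "value": value,
                "leaks_version": bool(re.search(r"\d+(\.\d+)+", value)),
                "fix": fix,
            })
    return findings

# Constructed sample: a default response before any hardening.
BEFORE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          "Server: Microsoft-IIS/8.5\r\nX-AspNetMvc-Version: 5.2\r\n"
          "X-AspNet-Version: 4.0.30319\r\nX-Powered-By: ASP.NET\r\n"
          "\r\n<p>Server: this is body text, not a header</p>")
# Constructed sample: only the Global.asax changes applied.
AFTER_GLOBAL_ASAX = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                     "X-AspNet-Version: 4.0.30319\r\nX-Powered-By: ASP.NET\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after Global.asax", AFTER_GLOBAL_ASAX)):
        print(label)
        for f in find_disclosures(raw):
            print(f"  {f['header']}: {f['value']}  ->  {f['fix']}")
```

Paste the output of `curl -sI` against your own site in place of the samples to audit a live response.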
Troy Hunt has an excellent article that discusses the risks of giving away information in your response headers.
I've updated my earlier post. Stay safe!