IIS Development

IisDev

>  Home
>  News
>  Notification Service

 

Articles

>  Code Samples
>  ASP.NET
>  Security

 

Components & Tools

>  Free Components
>  SharpDevelop
>  ComponentCenter
>  CodeLook Program

 

Service

>  Links
>  Advertising
>  Contact us

Search IISDEV:

XAspFilter 1.0

Last updated: 05/16/03 (1.0)


ASP.NET sends two additional HTTP headers that give away too much information - this ISAPI filter removes them. Let's look at those headers:

They are X-Powered-By and X-AspNet-Version. The latter can be disabled via .config settings (detailed in the source code of the ISAPI filter), however, the X-Powered-By header cannot be disabled at all.

The filter by default removes both headers as shown in this screenshot:

Note that the Set-Cookie header will still give you away (when using Session state, that is).

As an additional bonus, you can compile the filter to send out bogus Server: and X-Powered-By headers, as shown in the below screenshot (actual header values from /.):

Download and Installation

Download (size is approx. 52KB)
The most current version number of the filter is 1.0. It is compiled with Visual C++ .NET 2002. Source code is included (BSD-licensed).

To use the filter, you have to register it in the Web site properties dialog of ISM (filter is already active in this screenshot):

Simply click Add, name the filter to your liking, point to the installation path and you are done:

 

©1998-2004 Christoph Wille. All rights reserved.
All content and images on this site are copyright. Reuse (even parts) needs our written consent.