IIS Development

IisDev

>  Home
>  News

 

Articles

>  Code Samples
>  ASP.NET
>  Security

 

Components & Tools

>  Free Components

 

Service

>  Links
>  Contact us

XAspFilter 1.0

Last updated: 05/16/03 (1.0)

ASP.NET sends two additional HTTP headers that give away too much information - this ISAPI filter removes them. Let's look at those headers:

They are X-Powered-By and X-AspNet-Version. The latter can be disabled via .config settings (detailed in the source code of the ISAPI filter), however, the X-Powered-By header cannot be disabled at all.

The filter by default removes both headers as shown in this screenshot:

Note that the Set-Cookie header will still give you away (when using Session state, that is).

As an additional bonus, you can compile the filter to send out bogus Server: and X-Powered-By headers, as shown in the below screenshot (actual header values from /.):

Download and Installation

Download (size is approx. 52KB)
The most current version number of the filter is 1.0. It is compiled with Visual C++ .NET 2002. Source code is included (BSD-licensed).

To use the filter, you have to register it in the Web site properties dialog of ISM (filter is already active in this screenshot):

Simply click Add, name the filter to your liking, point to the installation path and you are done:

 

©1998-2018 Christoph Wille. All rights reserved.
All content and images on this site are copyright. Reuse (even parts) needs our written consent.