更改 IIS/ASP.NET 发送的标头。副作用?
默认情况下,IIS / ASP.NET 发送 HTTP 标头来标识自身。
Server Microsoft-IIS/7.5
X-AspNetMvc-Version 2.0
X-AspNet-Version 4.0.30319
X-Powered-By ASP.NET
有什么理由不删除这些呢?考虑 ASP.NET 漏洞 最近发现,一些人建议将 Server 标头更改为另一台服务器(例如 Apache)的标头,以阻止扫描仪寻找受影响的网站。这似乎是个好主意。是否有任何我没有想到的不良副作用?
IIS / ASP.NET sends HTTP headers to identify itself by default.
Server Microsoft-IIS/7.5
X-AspNetMvc-Version 2.0
X-AspNet-Version 4.0.30319
X-Powered-By ASP.NET
Is there any reason not to remove these? Considering the ASP.NET vulnerabilities recently discovered, some people recommend changing the Server header to that of another server, such as Apache, to throw off scanners looking for affected websites. This seems like a good idea. Are there any unwanted side effects that I'm not thinking of?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我同意安德鲁的观点,但出于实际目的,这是可能的(请参阅此处),我不知道有任何负面副作用 - 我相信这些副作用纯粹是为了统计数据和“广告”目的以及无处不在的“保留以供将来使用”。
I agree with Andrew, but for practical purposes yes this is possible (see here) and I am not aware of any negative side-effects - I believe these exist purely for stat-gathering and "advertising" purposes and the ubiquitous "reserved for future use".
根据我的经验,这样的技巧一点用处也没有。花时间确保服务器实际上是安全的,而不是将时间浪费在基本上没有任何好处的黑客攻击上。还有许多其他更可靠的方法可以了解服务器正在运行的操作系统和 Web 服务。
In my experience, such tricks are not useful in the least. Spend your time making sure the server is actually secure, rather than wasting time on hacks of essentially no benefit whatsoever. There are plenty of other more reliable ways to know what operating system and web service a server is running.