I have a website running in Azure Web Roles. I tested the site against asafaweb.com and got an "Excessive Headers" warning.
Basically Azure sends out the IIS version and the .net version as part of the header.
There is plenty of information on how to turn these headers off in IIS, but how do I turn them off in Azure?
This is what I use in most projects to hide these headers:
Global.asax.cs (only applies to MVC projects)
protected void Application_Start()
{
MvcHandler.DisableMvcResponseHeader = true;
}
Custom HttpModule
public class RemoveHeadersHttpModule : IHttpModule
{
public void Init(HttpApplication context)
{
context.PreSendRequestHeaders += OnPreSendRequestHeaders;
}
private void OnPreSendRequestHeaders(object sender, EventArgs e)
{
HttpContext.Current.Response.Headers.Remove("Server");
HttpContext.Current.Response.Headers.Remove("X-AspNet-Version");
}
public void Dispose()
{
}
}
web.config
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="Server" />
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
<modules runAllManagedModulesForAllRequests="true">
. . .
<add name="RemoveHeadersHttpModule" type="MyNamespace.RemoveHeadersHttpModule"/>
</modules>
. . .
</system.webServer>
If you want a complete solution to remove all Excessive Headers on Azure that also works with Cassini without using a custom HttpModule, see here:
Removing/Hiding/Disabling excessive HTTP response headers in Azure/IIS7 without UrlScan
Windows Azure Web Roles are essentially Windows Server 2008, with IIS enabled. So, if you wanted to tailor IIS, you could use a startup script and call appcmd to change the settings you want (or manipulate it in any other way you usually do). Your script would look something like:
%windir%\system32\inetsrv\appcmd set ...
