How to configure .net core 3.1 application to prevent 'Server' in the response header
Asked
Active
Viewed 8,308 times
6
-
https://stackoverflow.com/questions/52452194/remove-server-header-from-asp-net-core-2-1-application – VillageTech Dec 22 '19 at 17:09
3 Answers
11
Add a web.config file to the web project with this content (you may have additional content you merge in to your web.config file):
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<security>
<requestFiltering removeServerHeader="true" />
</security>
</system.webServer>
</configuration>
Joe Wilson
- 5,591
- 2
- 27
- 38
11
If you want to remove the "Kestrel" value returned as Server header, then the correct answer to the question is to do this using the KestrelServerOptions.
While it is possible to use web.config, it is more proper to not have the header added by the runtime to begin with.
This is how you turn off the server header in .NET Core 3.1, add the ConfigureKestrel call within your ConfigureWebHostDefaults method in Program.cs:
webBuilder.ConfigureKestrel(serverOptions =>
{
serverOptions.AddServerHeader = false;
});
Here is a full example to set the context where you can add it:
public class Program
{
public static void Main(string[] args)
{
CreateHostBuilder(args).Build().Run();
}
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.ConfigureKestrel(serverOptions =>
{
serverOptions.AddServerHeader = false;
});
webBuilder.UseStartup<Startup>();
});
}
SondreB
- 808
- 7
- 14
-
I see now that the comment linked by @VillageTech above has the same answer. Sorry about duplicate answer. – SondreB Apr 29 '20 at 17:24
8
In .Net 6 ASP.Net Core
builder.WebHost.ConfigureKestrel(options => options.AddServerHeader = false);
Serg.ID
- 1,604
- 1
- 21
- 25