由于VERB命中被阻止而导致HTTP 500出现的服务器版本

我放置了自定义错误页面，并放入了动词阻止功能，仅允许GET和POST。但是，当我尝试其他方法（DELETE，OPTION，TRACE）时，它没有重定向到自定义错误页面，它也是公开服务器版本。 HTTP 200中未公开服务器版本。

错误页面处理-：

<httpErrors errorMode="Custom" existingResponse="Auto" defaultResponseMode="Redirect" >
      <remove statusCode="500" subStatusCode="-1" />
      <error statusCode="404" path="SSPERR.aspx" responseMode="Redirect"/>
      <error statusCode="500"  path="SSPERR.aspx" responseMode="Redirect"/>
</httpErrors>

规则

<httpErrors errorMode="Custom" existingResponse="Auto"  defaultResponseMode="Redirect" >
          <remove statusCode="500" subStatusCode="-1" />
          <error statusCode="404" path="SSPERR.aspx" responseMode="Redirect"/>
          <error statusCode="500"  path="SSPERR.aspx" responseMode="Redirect"/>
        </httpErrors>
        <security>
          <requestFiltering>
            <verbs allowUnlisted="false">
              <clear/>
              <add verb="GET" allowed="true"/>
              <add verb="POST" allowed="true"/>
            </verbs>
          </requestFiltering>
        </security>
        <rewrite>
          <outboundRules rewriteBeforeCache="true">
            <rule name="Remove RESPONSE_Server" >
              <match serverVariable="RESPONSE_Server" pattern=".+"/>
              <action type="Rewrite" value="" />
            </rule>
          </outboundRules>
        </rewrite>
        <httpProtocol>
          <customHeaders>
            <remove name="X-Powered-By" />
          </customHeaders>
        </httpProtocol>
        <modules runAllManagedModulesForAllRequests="true" />

Global.asax文件-：

protected void Application_PreSendRequestHeaders(object sender, EventArgs 
{
    HttpContext.Current.Response.Headers.Remove("Server");
    HttpContext.Current.Response.Headers.Remove("X-AspNet-Version");
    HttpContext.Current.Response.Headers.Remove("X-AspNetMvc-Version");
}