我放置了自定义错误页面,并放入了动词阻止功能,仅允许GET和POST。但是,当我尝试其他方法(DELETE,OPTION,TRACE)时,它没有重定向到自定义错误页面,它也是公开服务器版本。 HTTP 200中未公开服务器版本。
错误页面处理-:
<httpErrors errorMode="Custom" existingResponse="Auto" defaultResponseMode="Redirect" >
<remove statusCode="500" subStatusCode="-1" />
<error statusCode="404" path="SSPERR.aspx" responseMode="Redirect"/>
<error statusCode="500" path="SSPERR.aspx" responseMode="Redirect"/>
</httpErrors>
规则
<httpErrors errorMode="Custom" existingResponse="Auto" defaultResponseMode="Redirect" >
<remove statusCode="500" subStatusCode="-1" />
<error statusCode="404" path="SSPERR.aspx" responseMode="Redirect"/>
<error statusCode="500" path="SSPERR.aspx" responseMode="Redirect"/>
</httpErrors>
<security>
<requestFiltering>
<verbs allowUnlisted="false">
<clear/>
<add verb="GET" allowed="true"/>
<add verb="POST" allowed="true"/>
</verbs>
</requestFiltering>
</security>
<rewrite>
<outboundRules rewriteBeforeCache="true">
<rule name="Remove RESPONSE_Server" >
<match serverVariable="RESPONSE_Server" pattern=".+"/>
<action type="Rewrite" value="" />
</rule>
</outboundRules>
</rewrite>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
<modules runAllManagedModulesForAllRequests="true" />
Global.asax文件-:
protected void Application_PreSendRequestHeaders(object sender, EventArgs
{
HttpContext.Current.Response.Headers.Remove("Server");
HttpContext.Current.Response.Headers.Remove("X-AspNet-Version");
HttpContext.Current.Response.Headers.Remove("X-AspNetMvc-Version");
}
好我发现了问题:
您忘记删除错误404,但再次添加并重复了。因此,应用程序会引发异常,并且标头无法正确删除。现在您可以看到一切正常。而且我提供使用纯HTML文件的错误页面。所以error.html会更好。
<httpErrors errorMode="Custom" existingResponse="Auto" defaultResponseMode="File" >
<remove statusCode="500" subStatusCode="-1" />
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" path="~/error.html" responseMode="File"/>
<error statusCode="500" path="~/error.html" responseMode="File"/>
</httpErrors>