by info.odysseyx@gmail.com, September 3, 2024

Introduction

Internet Information Services (IIS) is a flexible, secure, and easy-to-manage web server for hosting anything on the web. This includes websites, services, and applications. One of the lesser-known but powerful features of IIS is the ability to create custom modules using the .NET Framework. Custom modules allow developers to extend the functionality of the IIS pipeline by intercepting HTTP requests and responses.

Why use custom modules in IIS?

Custom modules in IIS are used for a number of reasons:

- Security: Strengthen security by inspecting incoming requests and outgoing responses for malicious content.
- Logging: Implement custom logging mechanisms to suit your specific business requirements.
- Performance: Optimize performance by caching responses or terminating requests early under certain conditions.
- Customization: Customize the behavior of IIS to suit your unique application requirements beyond the capabilities of the built-in modules.

To learn more about custom modules, see: Management modules and custom modules in IIS

Which versions of IIS support custom modules?

Custom modules are supported in IIS 7.0 and later versions. These include:

- IIS 7.0 (Windows Server 2008)
- IIS 7.5 (Windows Server 2008 R2)
- IIS 8.0 (Windows Server 2012)
- IIS 8.5 (Windows Server 2012 R2)
- IIS 10.0 (Windows Server 2016 or later)

These versions of IIS support Integrated and Classic pipeline modes, which provide greater flexibility when creating and deploying custom modules.

Advantages of using custom modules

Custom modules offer several benefits:

- Extensibility: Extend IIS functionality to perform tasks not supported by the base modules.
- Flexibility: Tailor your web server to handle specific scenarios, making your web applications more robust and secure.
- Central management: Manage and enforce rules and actions at the server level, providing a consistent approach across multiple applications.
- Scalability: Improve scalability by handling repetitive tasks more efficiently at the server level.

How to use a custom module to remove unwanted HTTP headers in IIS

Removing unwanted HTTP headers can be essential for security and privacy reasons. Here's how to create a custom module to achieve this. I am using .NET Framework version 4.8.1 to create this class library in Visual Studio 2022.

Step 1: Create a new class library project

Open Visual Studio and create a new Class Library project. Give it an appropriate name (e.g. "RemoveHeadersModule").

Step 2: Implementing the IHttpModule interface

Add a new class and implement the IHttpModule interface, including its Init and Dispose methods.

```csharp
using System;
using System.Web;

namespace RemoveHeadersModule
{
    public class RemoveHeadersModule : IHttpModule
    {
        public void Init(HttpApplication context)
        {
            // Run the handler just before the response headers are sent to the client.
            context.PreSendRequestHeaders += OnPreSendRequestHeaders;
        }

        private void OnPreSendRequestHeaders(object sender, EventArgs e)
        {
            var headers = HttpContext.Current.Response.Headers;

            // Headers that disclose the server software and framework versions.
            headers.Remove("Server");
            headers.Remove("X-AspNet-Version");
            headers.Remove("X-AspNetMvc-Version");

            // Listed by the article as further headers that can be removed.
            // Clients rely on these two to interpret the response body.
            headers.Remove("Content-Type");
            headers.Remove("Content-Length");

            // Headers set to custom values.
            headers["X-Frame-Options"] = "SAMEORIGIN";
            headers["X-Powered-By"] = "Test";
            headers["X-Content-Type-Options"] = "nosniff";
        }

        public void Dispose()
        {
            // Clean-up code here if needed.
        }
    }
}
```

Examples of things you can remove:

- Server
- X-AspNet-Version
- X-AspNetMvc-Version
- Content-Type
- Content-Length

Examples of things you can add as custom values:

- "X-Frame-Options" = "SAMEORIGIN";
- "X-Powered-By" = "Test";
- "X-Content-Type-Options" = "nosniff";

Step 3: Register the module in Web.config

Open the Web.config file for your IIS application. Add the module to the system.webServer section.

Step 3: Registering the module through the IIS UI

1. Open the IIS console.
2. Select the application to which you need to add the module.
3. Go to the Modules section.
4. Click Add New Management Module.
5. Enter the details and click Confirm.

Step 4: Build and Deploy

1. Identify the application hosted on IIS for which you want to remove headers.
2. Check the headers displayed in Fiddler, Postman, or Developer Tools.
3. Build the project and copy the DLL to the bin directory of your IIS application.
4. Test your application using a tool like Fiddler, Postman, or Developer Tools to confirm that the module is active by checking that the headers are removed/added as needed.

Conclusion

Creating custom modules in IIS using the .NET Framework provides a powerful way to extend the functionality of the Web server. Whether for security, logging, or performance optimization, custom modules allow for a high level of customization and control. By following the steps outlined above, you can effectively implement a custom module to remove unwanted HTTP headers, thereby enhancing the security and privacy of your web application.
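A Web.config registration that fits Step 3, given here as an added example and not as configuration from the original post. It assumes the class library builds to an assembly named RemoveHeadersModule (the project name suggested in Step 1) and that the application pool runs in Integrated pipeline mode.

```xml
<!-- Added example: Web.config of the IIS application (Integrated pipeline mode). -->
<configuration>
  <system.webServer>
    <modules>
      <!--
        type is "Namespace.Class, Assembly". The assembly name RemoveHeadersModule
        is an assumption: it matches the project name from Step 1, and
        RemoveHeadersModule.dll is expected in the application's bin directory.

        No preCondition attribute is set, so the module runs for every request
        the application serves, including static files.
      -->
      <add name="RemoveHeadersModule"
           type="RemoveHeadersModule.RemoveHeadersModule, RemoveHeadersModule" />

      <!--
        Narrower variant, shown for comparison only (do not register both):
        preCondition="managedHandler" limits the module to requests handled by
        managed code, so static content would still carry the original headers.

        <add name="RemoveHeadersModule"
             type="RemoveHeadersModule.RemoveHeadersModule, RemoveHeadersModule"
             preCondition="managedHandler" />
      -->
    </modules>
  </system.webServer>
</configuration>
```

When checking the result in Step 4, request both a dynamic page and a static file so that the effect of the preCondition choice is visible.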