asp.net-mvc iis-10

Hiding ASP.NET MVC version in the header


I am familiar with hiding the ASP.NET MVC version that shows up in the header, when using network tools to inspect, by adding MvcHandler.DisableMvcResponseHeader = true; in the global.asax.cs file's Application_Start() method.

But my situation is, I do not have access to the repository / code and I have access only to the web server / IIS and the application's web.config.

Is there a way to implement this, to hide the MVC version, in any of the outbound rules?

I am working with limited tools, since I do not have access to the code, and all I have on the web server is the packaged bundle of the application.

Thanks in advance.


Solution

  • You can implement this requirement with a URL Rewrite rule. Please refer to the steps below:

    1. Install the URL Rewrite extension

    2. Then you can find the URL Rewrite module in your application site in IIS Manager, as in the screenshot below.

    3. Double-click the URL Rewrite module and click "View Server Variables..."

    4. Add a server variable named RESPONSE_X-AspNetMvc-Version

    5. Then go back to the rules and add an outbound rule.

    6. Set the outbound rule as below:

    7. After applying the rule and browsing your site, you will find that the value of X-AspNetMvc-Version in the response header is hidden.
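
The outbound rule from steps 5 and 6, written as a web.config fragment for the case where only web.config can be edited. This is an added example, not part of the original answer: the rule name and the `.+` pattern are assumptions, since the exact settings from the answer's screenshot are not reproduced on the page.

```xml
<!-- Added example: place inside <configuration> in the application's web.config.
     Requires the IIS URL Rewrite module from step 1 to be installed. -->
<system.webServer>
  <rewrite>
    <outboundRules>
      <!-- Rule name is an assumption; any name unique within the site works. -->
      <rule name="Hide X-AspNetMvc-Version">
        <!-- RESPONSE_X-AspNetMvc-Version is the server variable named in step 4.
             The pattern ".+" (assumed) matches any non-empty header value. -->
        <match serverVariable="RESPONSE_X-AspNetMvc-Version" pattern=".+" />
        <!-- Rewrite the matched header value to an empty string. -->
        <action type="Rewrite" value="" />
      </rule>
    </outboundRules>
  </rewrite>
</system.webServer>
```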
