Azure Web App Security Hardening

HTTPS Only

~/App_Start/FilterConfig.cs:

public static void RegisterGlobalFilters(GlobalFilterCollection filters) {
    // Add this:
    filters.Add(new RequireHttpsAttribute());
}

Remove Unnecessary Headers

~/Global.asax.cs:

protected void Application_Start() {
	...
	// Add this:
	MvcHandler.DisableMvcResponseHeader = true;
}
 
// Add this method:    
protected void Application_PreSendRequestHeaders(object sender, EventArgs e) {
	Response.Headers.Remove("server");
}

~/Web.config:

<system.web>
	<!-- Add enableVersionHeader="false" -->
	<httpRuntime targetFramework="4.5.2" enableVersionHeader="false" />
	...
</system.web>
<system.webServer>
	...
	<!-- Add this section. -->
	<httpProtocol>
		<customHeaders>
			<remove name="X-Powered-By"/>
		</customHeaders>
	</httpProtocol>
</system.webServer>
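
To confirm the settings above took effect, the following added example (not part of the original page) audits a raw response head for the four version-disclosure headers and names the setting from this page that removes each one. The sample responses and their header values are constructed, and the redirect check assumes RequireHttpsAttribute answers a plain-HTTP GET with a 3xx pointing at an https:// URL.

```python
# Disclosure header -> the setting on this page that removes it.
DISCLOSURE_HEADERS = {
    "server": 'Response.Headers.Remove("server") in Global.asax.cs',
    "x-aspnetmvc-version": "MvcHandler.DisableMvcResponseHeader = true",
    "x-aspnet-version": 'enableVersionHeader="false" on <httpRuntime>',
    "x-powered-by": '<remove name="X-Powered-By"/> in <customHeaders>',
}


def parse_head(raw):
    """Split a raw response head into (status_code, {lowercased name: value})."""
    lines = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # header names are case-insensitive, so normalise them
            headers[name.strip().lower()] = value.strip()
    return status, headers


def audit_headers(raw):
    """Return {header: missing setting} for each disclosure header still sent."""
    _, headers = parse_head(raw)
    return {h: fix for h, fix in DISCLOSURE_HEADERS.items() if h in headers}


def redirects_to_https(raw):
    """True if a plain-HTTP GET was answered with a 3xx pointing at https://."""
    status, headers = parse_head(raw)
    location = headers.get("location", "")
    return 300 <= status < 400 and location.lower().startswith("https://")


# Constructed sample responses (not captured from a real site).
UNHARDENED = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nServer: Microsoft-IIS/10.0\r\n"
    "X-AspNetMvc-Version: 5.2\r\nX-AspNet-Version: 4.0.30319\r\n"
    "X-Powered-By: ASP.NET\r\n\r\n<html></html>"
)
HARDENED_HTTP_GET = "HTTP/1.1 302 Found\r\nLocation: https://example.test/\r\n\r\n"

if __name__ == "__main__":
    for header, fix in audit_headers(UNHARDENED).items():
        print(f"still sent: {header:<20} missing: {fix}")
    print("HTTP GET redirected to HTTPS:", redirects_to_https(HARDENED_HTTP_GET))
```
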
azure_web_app_security_hardening.1510973948.txt.gz · Last modified: 2017/11/19 03:59 (external edit)