Whitehouse.gov ASP.NET code – What is “X-Aspnet-Version”?

January 22, 2009 § Leave a comment

Today, I came across this blog analyzing the new whitehouse.gov site prepared for the Obama administration. I’m not going to comment too much on the blog itself, but there was a section that I had never heard of before, so I thought I’d research it a little more.

The whitehouse.gov site uses ASP.NET 2.0. The HTTP header that identifies the software says “X-Aspnet-Version: 2.0.50727”. There is a way for this header to be removed, which saves about 30 bytes of bandwidth on every response. [Search for ‘X-Aspnet-Version’]

Now, 30 bytes on every request matters basically not at all. On a 56Kbps (Kilobits per second) dialup connection (not broadband, mind you), you’re transmitting about 7KBps (Kilobytes per second). At that speed, 30 bytes would take roughly .004 seconds. So yeah, it basically doesn’t matter at all. However, knowledge for the sake of knowledge is laudable, and besides, removing this information gives potential malicious users one less piece of information to use against you, so I thought I’d figure out exactly how to do this, since the author doesn’t explain how to remove this http header, but instead leaves it as an exercise for the reader.

Turns out, this is really easy. Simply modify your web.config file to specify that version headers should not be enabled – as shown here:

<configuration>
  <system.web>
    <httpRuntime enableVersionHeader="false"/>
  </system.web>
</configuration>

So yeah, quick and easy to do. Granted, it’s probably mostly pointless, but at least you know now, and knowing is half the battle.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

What’s this?

You are currently reading Whitehouse.gov ASP.NET code – What is “X-Aspnet-Version”? at Mike Vallotton's Blog.

meta

%d bloggers like this: