Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Sherry Ann Hernandez 320 posts 344 karma points
    May 22, 2011 @ 08:03
    Sherry Ann Hernandez
    0

    remove the umbraco http header

    Is there a way to remove the http header X-Umbraco-Version: 4.6 on my umbraco installation?

  • Daniel Bardi 927 posts 2562 karma points
    May 22, 2011 @ 09:49
    Daniel Bardi
    0

    Try editing the umbraco.aspx

  • Sherry Ann Hernandez 320 posts 344 karma points
    May 22, 2011 @ 17:03
    Sherry Ann Hernandez
    0

    Didn't find anything there.

  • Lesley 284 posts 143 karma points
    May 22, 2011 @ 17:34
    Lesley
    0

    Hi Sherry,

    This http header is set by umbraco.dll.

    If you're desperate to remove it you could edit the source and recompile, but I've no idea whether that might have a knock-on effect and break other functionality. If you want to give it a go, it's the onInit method of UmbracoDefault class.

    Lesley

  • Richard Soeteman 4046 posts 12899 karma points MVP 2x
    May 23, 2011 @ 09:26
    Richard Soeteman
    0

    Hi,

    Why you want to do this? Personally I wouldn't touch the source code for this. When you do that it means that you need to tweak the souce for every upgrade.

    Cheers,

    Richard

  • Sherry Ann Hernandez 320 posts 344 karma points
    May 23, 2011 @ 09:33
    Sherry Ann Hernandez
    0

    Client request. :(

     

  • Richard Soeteman 4046 posts 12899 karma points MVP 2x
    May 23, 2011 @ 09:37
    Richard Soeteman
    0

    Serious? Well what you always could do is write an HTTPModule that removes the header, but still seems silly to me ;-)

  • Sherry Ann Hernandez 320 posts 344 karma points
    May 23, 2011 @ 09:55
    Sherry Ann Hernandez
    0

    yes i'm serious about it. getting a lot of request that is driving me nuts. btw richard, have you seen my other post regarding the media picker. It's bugging me for a couple of days now and I'm stuck on how to solve it. Maybe you can give some idea.

     

  • Åke Järvklo 23 posts 69 karma points
    Aug 11, 2011 @ 11:43
    Åke Järvklo
    2

    To be able to remove the "X-Umbraco-Version" http header is IMHO a reasonable request (fully comparable with the possibility to be able to *not* be forced to use a "meta generator" tag to expose your platform and the possibility to be able to rename the /umbraco folder if need be).

    It is IMHO good practice not to expose your CMS brand at all if you are at all concerned for "script kiddie attacks" or automated robot attacks to your site.
    If you've ever thought about providing top notch defences for your site against that, this requirement IMHO is a no-brainer (Wordpress is for example proven again and again as extremely vulnerable to script kiddie attacks since it announces its version as a metatag in pracrtically all its provided templates - thereby making WP sites open for "harvesting" by spiders and robots dedicated to find "hackable" sites - ie. sites that has not been updated (yet) each time there's a security update)

    IMHO Umbraco would be an even better system if this was opt-out configurable somehow. Granted - the risks are smaller in te Umbraco universe,  but this is still a reasonable requirement for those concerned about security!

    ie. short version: I'm also interested as this as a security enhancing feature. Is it possible somehow, or would the core team please consider this as an extension to the Umbraco settings?

  • Hendy Racher 863 posts 3849 karma points MVP 2x admin c-trib
    Aug 11, 2011 @ 11:55
    Hendy Racher
    1

    An option in umbracoSettings.config to enable / disable would be ideal.

  • Laurence Gillian 600 posts 1219 karma points
    Aug 11, 2011 @ 12:00
    Laurence Gillian
    0

    Yes I'd vote this up, if it was a ticket on Codeplex. /Lau

  • Åke Järvklo 23 posts 69 karma points
    Aug 12, 2011 @ 15:12
    Åke Järvklo
    1

    Ticket submitted - http://umbraco.codeplex.com/workitem/30410 - Please vote it up if this issue concerns or affects you.

  • Åke Järvklo 23 posts 69 karma points
    Aug 20, 2011 @ 23:04
    Åke Järvklo
    0

    Thank you voters (and Niels :)  )!

    The issue is now marked as resolved in codeplex, and a solution included for release in 4.7.1. 

  • Simon Kibsgård 62 posts 73 karma points
    Oct 17, 2011 @ 22:50
    Simon Kibsgård
    1

    Yup, just did a search for it (and disabled it) in the umbracoSettings.config: <removeUmbracoVersionHeader>true</removeUmbracoVersionHeader>

    Thank you friendly open source cms!

  • Åke Järvklo 23 posts 69 karma points
    Sep 01, 2012 @ 15:02
    Åke Järvklo
    0

    From the release notes of 4.8.1

    For security reasons
    The X-Umbraco-Version header has been removed

     #h5yr !

    Thank you for taking this seriously !

Please Sign in or register to post replies

Write your reply to:

Draft