I applied server level Outbound Rule in IIS URL Rewrite section for RESPONSE_VARY, RESPONSE_X-POWERED-BY and RESPONSE_SERVER using pattern value ".+" for hiding information from browser header.It is working fine only for .aspx pages but when I click .css file,.js or .jpg through developer tools still information is showing. I checked all folders in IIS all rules are available because I applied at server level but why it is working for .aspx extension and not for others extensions. I want these rules applied all over the website.
0
votes
Please post your rule. If you set content-type in pre-condition for *\text then outbound rule won't work for these files. Besides, please try to enable failed request tracing for your web application and you may find the root cause. If these static files are dispatched from other CDN site, outbound rule also won't work.
– Jokies Ding
I followed these steps through "techcommunity.microsoft.com/t5/iis-support-blog/…" at root level. My header is showing "Content-Type: text/css" and I am also using "X-Content-Type-Options: nosniff" but still Server, X-Powered-By headers are showing when I click in style.css through developer tool. Css files are available in application folders. How to remove headers in .css and .jpg files in domain?
– user3671390
1 Answers
1
votes
I can rewrite content type and X-powered-by for static content with rule below.
<outboundRules>
<rule name="rewriterule1">
<match filterByTags="None" serverVariable="RESPONSE_Content-Type" pattern="(.*)" />
<action type="Rewrite" value="" />
</rule>
<rule name="rewriterule2">
<match serverVariable="RESPONSE_X-POWERED-BY" pattern="(.*)" />
<action type="Rewrite" value="" />
</rule>
</outboundRules>
