Change ASP.NET Version of Azure app service
Our application has a header that specifies X-AspNet-Version → 4.0.30319
. This is bad not only because we're displaying which version we're using, which those with malicious intent could use against us, but also because the version itself has many vulnerabilities. My question is not how to hide the header, I've already figured that out, but rather I'd like to actually upgrade the version. I am using an Azure app service and in my web.config
file I have tried the code below to no avail.
<httpRuntime targetFramework="4.7.1" />
The header still shows the same (X-AspNet-Version → 4.0.30319
). How am I suppose to update this? Is it something that I can't control? I am not even using ASP.NET in my application.
asp.net azure http-headers azure-web-app-service
add a comment |
Our application has a header that specifies X-AspNet-Version → 4.0.30319
. This is bad not only because we're displaying which version we're using, which those with malicious intent could use against us, but also because the version itself has many vulnerabilities. My question is not how to hide the header, I've already figured that out, but rather I'd like to actually upgrade the version. I am using an Azure app service and in my web.config
file I have tried the code below to no avail.
<httpRuntime targetFramework="4.7.1" />
The header still shows the same (X-AspNet-Version → 4.0.30319
). How am I suppose to update this? Is it something that I can't control? I am not even using ASP.NET in my application.
asp.net azure http-headers azure-web-app-service
What .Net Framework is your application using? Also you can specify the target .Net Framework of your app service in app settings.
– Simon Bourdeau
Nov 14 '18 at 21:58
add a comment |
Our application has a header that specifies X-AspNet-Version → 4.0.30319
. This is bad not only because we're displaying which version we're using, which those with malicious intent could use against us, but also because the version itself has many vulnerabilities. My question is not how to hide the header, I've already figured that out, but rather I'd like to actually upgrade the version. I am using an Azure app service and in my web.config
file I have tried the code below to no avail.
<httpRuntime targetFramework="4.7.1" />
The header still shows the same (X-AspNet-Version → 4.0.30319
). How am I suppose to update this? Is it something that I can't control? I am not even using ASP.NET in my application.
asp.net azure http-headers azure-web-app-service
Our application has a header that specifies X-AspNet-Version → 4.0.30319
. This is bad not only because we're displaying which version we're using, which those with malicious intent could use against us, but also because the version itself has many vulnerabilities. My question is not how to hide the header, I've already figured that out, but rather I'd like to actually upgrade the version. I am using an Azure app service and in my web.config
file I have tried the code below to no avail.
<httpRuntime targetFramework="4.7.1" />
The header still shows the same (X-AspNet-Version → 4.0.30319
). How am I suppose to update this? Is it something that I can't control? I am not even using ASP.NET in my application.
asp.net azure http-headers azure-web-app-service
asp.net azure http-headers azure-web-app-service
asked Nov 14 '18 at 21:06
cbrawlcbrawl
342210
342210
What .Net Framework is your application using? Also you can specify the target .Net Framework of your app service in app settings.
– Simon Bourdeau
Nov 14 '18 at 21:58
add a comment |
What .Net Framework is your application using? Also you can specify the target .Net Framework of your app service in app settings.
– Simon Bourdeau
Nov 14 '18 at 21:58
What .Net Framework is your application using? Also you can specify the target .Net Framework of your app service in app settings.
– Simon Bourdeau
Nov 14 '18 at 21:58
What .Net Framework is your application using? Also you can specify the target .Net Framework of your app service in app settings.
– Simon Bourdeau
Nov 14 '18 at 21:58
add a comment |
1 Answer
1
active
oldest
votes
How am I suppose to update this? Is it something that I can't control?
Short answer is that we can't do it. X-AspNet-Version → 4.0.30319 is not the actual .NET framework version. It is the version of the CLR. .Net 4, 4.5 and later releases the CLR version include CLR 4.
For more information, please refer to .NET Framework versions and dependencies
The CLR is identified by its own version number. The .NET Framework version number is incremented at each release, although the CLR version is not always incremented. For example, the .NET Framework 4, 4.5, and later releases include CLR 4, but the .NET Framework 2.0, 3.0, and 3.5 include CLR 2.0. (There was no version 3 of the CLR.)
This is bad not only because we're displaying which version we're using, which those with malicious intent could use against us, but also because the version itself has many vulnerabilities.
For security reason, as you mentioned that you could hide the header.
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53308717%2fchange-asp-net-version-of-azure-app-service%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
How am I suppose to update this? Is it something that I can't control?
Short answer is that we can't do it. X-AspNet-Version → 4.0.30319 is not the actual .NET framework version. It is the version of the CLR. .Net 4, 4.5 and later releases the CLR version include CLR 4.
For more information, please refer to .NET Framework versions and dependencies
The CLR is identified by its own version number. The .NET Framework version number is incremented at each release, although the CLR version is not always incremented. For example, the .NET Framework 4, 4.5, and later releases include CLR 4, but the .NET Framework 2.0, 3.0, and 3.5 include CLR 2.0. (There was no version 3 of the CLR.)
This is bad not only because we're displaying which version we're using, which those with malicious intent could use against us, but also because the version itself has many vulnerabilities.
For security reason, as you mentioned that you could hide the header.
add a comment |
How am I suppose to update this? Is it something that I can't control?
Short answer is that we can't do it. X-AspNet-Version → 4.0.30319 is not the actual .NET framework version. It is the version of the CLR. .Net 4, 4.5 and later releases the CLR version include CLR 4.
For more information, please refer to .NET Framework versions and dependencies
The CLR is identified by its own version number. The .NET Framework version number is incremented at each release, although the CLR version is not always incremented. For example, the .NET Framework 4, 4.5, and later releases include CLR 4, but the .NET Framework 2.0, 3.0, and 3.5 include CLR 2.0. (There was no version 3 of the CLR.)
This is bad not only because we're displaying which version we're using, which those with malicious intent could use against us, but also because the version itself has many vulnerabilities.
For security reason, as you mentioned that you could hide the header.
add a comment |
How am I suppose to update this? Is it something that I can't control?
Short answer is that we can't do it. X-AspNet-Version → 4.0.30319 is not the actual .NET framework version. It is the version of the CLR. .Net 4, 4.5 and later releases the CLR version include CLR 4.
For more information, please refer to .NET Framework versions and dependencies
The CLR is identified by its own version number. The .NET Framework version number is incremented at each release, although the CLR version is not always incremented. For example, the .NET Framework 4, 4.5, and later releases include CLR 4, but the .NET Framework 2.0, 3.0, and 3.5 include CLR 2.0. (There was no version 3 of the CLR.)
This is bad not only because we're displaying which version we're using, which those with malicious intent could use against us, but also because the version itself has many vulnerabilities.
For security reason, as you mentioned that you could hide the header.
How am I suppose to update this? Is it something that I can't control?
Short answer is that we can't do it. X-AspNet-Version → 4.0.30319 is not the actual .NET framework version. It is the version of the CLR. .Net 4, 4.5 and later releases the CLR version include CLR 4.
For more information, please refer to .NET Framework versions and dependencies
The CLR is identified by its own version number. The .NET Framework version number is incremented at each release, although the CLR version is not always incremented. For example, the .NET Framework 4, 4.5, and later releases include CLR 4, but the .NET Framework 2.0, 3.0, and 3.5 include CLR 2.0. (There was no version 3 of the CLR.)
This is bad not only because we're displaying which version we're using, which those with malicious intent could use against us, but also because the version itself has many vulnerabilities.
For security reason, as you mentioned that you could hide the header.
answered Nov 15 '18 at 0:59
Tom SunTom Sun
17.4k2922
17.4k2922
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53308717%2fchange-asp-net-version-of-azure-app-service%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
What .Net Framework is your application using? Also you can specify the target .Net Framework of your app service in app settings.
– Simon Bourdeau
Nov 14 '18 at 21:58