How dangerous is Server Error in '/' Application.? - asp.net

I made this website of mine but now , someone E-mailed me and reported the following error:
Server Error in '/' Application.
Runtime Error
Description: An application error occurred on the server. The current
custom error settings for this application prevent the details of the
application error from being viewed remotely (for security reasons).
It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be
viewable on remote machines, please create a <customErrors> tag within
a "web.config" configuration file located in the root directory of the
current web application. This <customErrors> tag should then have its
"mode" attribute set to "Off".
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration>
Notes: The current error page you are seeing can be replaced by a
custom error page by modifying the "defaultRedirect" attribute of the
application's <customErrors> configuration tag to point to a custom
error page URL.
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="RemoteOnly"
defaultRedirect="mycustompage.htm"/>
</system.web>
I wanted to know is this dangerous for my website?Can it be used to hack my website?If yes , how?
I can't change anything because I don't have access to my website for the following 4 months.

In short: Its NOT dangerous, It does NOT give any information about the error, just that it happened. It might give some information about the type of server you have, but thats already probably in your server banner (and elsewhere). I would not worry about it.

Related

Web Application Web Config run time error

Im working with Visual Studio 2012 Web Forms the website is starting normally when i open it from local server but when i move the files to GoDaddy hosting into httpdocs this error appears
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration>
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
</system.web>
</configuration>
Your code is throwing an exception that you can't see. Change your code to mode="Off" as the message indicates. Long term I would recommend using a logging tool like ELMAH so you can see the exceptions and give end users the friendly page. http://www.hanselman.com/blog/ELMAHErrorLoggingModulesAndHandlersForASPNETAndMVCToo.aspx

Change to Web.config on IIS throws an exception. IIS reset needed

The situation is described by this question where the user updates the Web.config and he gets a weird error (completely unrelated from the real problem).
https://stackoverflow.com/a/7142817/196210
Is it possible to tell IIS to avoid creating problem when the config file is edited?
It appears that the problem is related to editing the file with VS.NET while editing it with Notepad++ works
Server Error in '/' Application
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration>
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
</system.web>
</configuration>
IIS 7.0 or later will take the settings from web.config files. If your file is not properly edited, it won't be parsed by IIS and will not work at all.
You need to either change the custom error page to view the error outside the server or loginto the server and check the error. this way you will be able to see the error and fix it.

Runtime Error don't know at ALL what to do i have no experience with these things

Who can help me with this?? I don't know what the hell to do at all. From begining to end I don't even know how to create a tag or nothing. help me? asap this is how it looks:
Server Error in '/HRX' Application. Runtime Error Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a tag within a "web.config" configuration file located in the root directory of the current web application. This tag should then have its "mode" attribute set to "Off".
Server Error in '/HRX' Application.
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration>
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
</system.web>
</configuration>
If you have remote access to the server then try to browse the page on the server locally.
Otherwise try to set customerrors mode to "Off" and deploy it.
<customErrors mode="Off"/>
If you do either way you will hopefully see a Exception StackTrace instead. That will probably give you a better clue of what that is wrong.
In addition to what others have said, it helps to install some sort of error handling capabilities. For a nearly plug and play solution, look into ELMAH (which can be installed easily with NUGET). This keeps a database of all the unhandled exceptions in your ASP.NET site and can even email you the error details when a problem is encountered.
Also, you'll want to set up a custom error page that explains to your users an unexpected error has occurred. This looks much more professional.

HTML & ASPX Link Issue

I've recentley moved my entire website from the root directory into a secure folder, but when I try to access it I now get a error: Runtime Error - Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine. Details: To enable the details of this specific error message to be viewable on remote machines, please create a tag within a "web.config" configuration file located in the root directory of the current web application. This tag should then have its "mode" attribute set to "Off".
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration>
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's configuration tag to point to a custom error page URL.
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
</system.web>
</configuration>
Does anyone know what I'm doing wrong?
Set it to off to view the error (only if it's on a staging, non-production server). Remove the custom error page to see what's going on. Try and re-create the error on your dev machine first. You also have the option of logging or emailing the error stack to yourself.
Instead of moving the entire site to a "secure folder", implement some form of authentication for the pages you wish to protect.

Server Error in '/domain/website' Application

I am getting following error while i deployed the website..
Server Error in '/domain/website' Application.
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration>
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
</system.web>
</configuration>
I tried changing customErrors mode="Off" But no Joy ..same error repeats ...
Moreover , GenericErrorPage.htm is missing is this causing the error?
Any helping hands?
This is possibly because there is a syntax error in web.config. You could try replacing your current web.config with one that only contains this and see what happens:
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration>
Are you using dual web.config in your website. eg.
if you are using one web.config in /domain and another in /domain/website. You need to convert the /website as an application.
however, I would suggest you to log into the server and browse the page, you will be able to see the real issue. If you are unsure how to fix it. post it once. We might be able to help you.

Resources