Coldfusion is currently handling *.cfm and *.html pages. If I request a non-existing page, such as www.example.com/sadfasdfasd.cfm, IIS still passes the request off to the Coldfusion handler instead of directing to the IIS 404 error page. The Coldfusion handler responds with the Debugger page stating that the file is not found. How can I get IIS to check if a file exists before passing it to the handler. If it doesn't exist, I'd like it to display the 404 error page. Currently my error pages are setup to provide detailed errors for both local and remote.
If you go into IIS and turn off detailed error messages, it will display the IIS error rather than letting coldfusion handle it.
If you have access to the IIS Manager, go to the site > Error pages > "edit feature" on the right side. There is probably equivalent code you can put into your web.config file to handle this too.
You can choose any of the other options depending on your needs.
Please note this is also the feature that allows you to see the coldfusion errors from coldfusion's debugger.
Try adding an httpErrors entry to your root web.config file as follows:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<httpErrors errorMode="Custom">
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" path="404.html" responseMode="File" />
</httpErrors>
</system.webServer>
</configuration>
Your custom 404.html page should also reside in the root folder.
Related
I have a site where only authorizated users can access.
I also have a custom error page if a 401.2 is raised.
I configured web.config in the following way:
<system.webServer>
<httpErrors errorMode="Custom">
<remove statusCode="401" subStatusCode="-1" />
<error statusCode="401" subStatusCode="-1"
path="ERRORS\unauthorized.html"
responseMode="File">
</error>
</httpErrors>
</system.webServer>
However when I try access to my site the following happen:
http://localhost --> the ERRORS\unauthorized.html is showed;
http://localhost/index.html --> the ERRORS\unauthorized.html is not showed and I can access the page!
I also noticed two things:
if I change the page to index.aspx the ERRORS\unauthorized.html is showed;
if I use a different statusCode, i.e., 404 the HTML page is showed.
so what am I not understanding? Where is my mistake?
P.S.
I'm using IIS 10 and .NET 4.7
What authentication are you using?
Assuming you are using Anonymous authentication at the IIS level and some kind of authentication in asp.net or system.web layer, the asp.net pipeline doesn't come into picture when you access the static files as they are handled by the static file handler. SO the authorization is not coming into picture. ALso try to configure the app pool to run in integrated mode and try, because integrated mode combines iis and asp.net pipeline, if youa are running in classic it won't
ALso to add another note on the line, 401.2 is a status responded back by the server that there is no user info being passed and client has to login, this doesn't necessarily have to deal with authorization and it is a way of authentication how servers work.
I know how to use custom errors in asp.net web.config file when a non existent .aspx page is requested by the user like following;
<customErrors mode="On" defaultRedirect="/error.aspx">
<error statusCode="404" redirect="/error.aspx"/>
</customErrors>
and is working fine for me, but when I tried to access non existent static resource such as test.htm, I am served with blue screen of death by IIS.
If somebody knows how to redirect user to customized page say resourcenotfound.aspx when a non existing resource is requested by the user, then please suggest me.
Thanks in advance.
Where you are implementing your custom errors only affects things running through the ASP.NET pipeline (.aspx files for instance). By default, IIS does not send request for static files (.html, .htm, .css, .js) through the ASP.NET pipeline. As a result, you are getting the standard IIS error page (the blue one, yellow ones are for ASP.NET errors).
In order to override the IIS standard error files for Any response, you need to use the <httpErrors> element in the <system.webServer> element.
<configuration>
<system.webServer>
<httpErrors errorMode="Custom" existingResponse="Replace">
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" path="Error.aspx" responseMode="ExecuteURL"/>
</httpErrors>
</system.webServer>
</configuration>
Details for this answer were taken from the official IIS website and this blog entry
NOTE
I've determined the the problem I'm describing below is specific to an error enountered loading DLL files specified in the web.config file. I would like to present a user-friendly error even in the case of web.config errors.
END NOTE
When my ASP.Net application encounters a server error I would like it to present a custom error message to the user instead of the following default scary message.
Server Error in '/' Application.
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration>
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
</system.web>
</configuration>
I wrote a very simple HTML page and put it in the root of my application. It is called MaintenancePage.htm.
I've set my web.config file to the following:
<customErrors mode="RemoteOnly" defaultRedirect="MaintenancePage.htm">
<error statusCode="404" redirect="PageNotFound.aspx" />
</customErrors>
I've also tried ~/MaintenancePage.htm and http://[mysite]/MaintenancePage.htm. None of those options seem to work.
The way I'm testing this is to rename a DLL my project depends upon and then loading up the site in a web browser. I would expect that since there is an error and a defaultRedirect set there should be no problem showing the error page, however, I'm obviously wrong.
I've search around concerning this problem and it seem that most people are trying to redirect to an aspx page, and are encountering error with doing that. Many even report that they can't get the aspx page to load as a defaultRedirect, but they can get an html page to load.
What could I be doing wrong here?
I should note that I'm doing my testing from a different network outside the company firewall, so changing RemoteOnly to On is not the issue per the documentation. In testing changing RemoteOnly to On had no effect, as expected.
Change RemoteOnly to On.
RemoteOnly:
Specifies that custom errors are shown only to remote clients and
ASP.NET errors are shown to the local host
Also, your URL may be absolute or relative.
Read more about the customErrors settings
To watch it work locally:
<customErrors mode="On" defaultRedirect="/MaintenancePage.htm">
<error statusCode="404" redirect="/PageNotFound.aspx" />
</customErrors>
Easier way to test.
Try a bad url and watch your 404 error take over
Put this on your default.aspx page <% throw new Exception("gaah"); %>
And one other thing to consider: Error Logging. Can be achieved easily through ELMAH.
I'm testing an IIS 7.5 site with Managed Pipeline Mode = 'Integrated'
My site targets mobile devices and leverages well formed URLs to pass parameters with a minimum of typing. For example 'mysite.com/bob1234' in this case 'bob1234' is actually parameter.
In the Application.BeginRequest, I process the Request.Url.AbsolutePath using a regular expression to determine if the URL is well formed.
I wanted to add a Custom 404 page, if a user mistypes the URL i.e. mysite.com/boob1234.
<system.web>
<customErrors mode="RemoteOnly" defaultRedirect="~/MobileError.aspx">
<error statusCode="404" redirect="404.htm"/>
</customErrors>
</system.web>
And while this catches errors when the extension is '.aspx', it does not catch 404(s) when no handler is mapped, for example '/mysite.com/boob1234'.
I followed the instructions and also added a element to my system.webserver
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<httpErrors defaultResponseMode="Redirect" errorMode="DetailedLocalOnly">
<remove statusCode="404" subStatusCode="-1"/>
<error statusCode="404" prefixLanguageFilePath=""
path="/mobile/MobileError.aspx" responseMode="ExecuteURL"/>
</httpErrors>
</system.webServer>
But no iteration of this seems to work. When I uncomment the block, I get a 500 error. And no, there doesn't seem to be any problem with my code. I get a 500 error, even when I just forward to an plain HTML Page.
I did implement failed request tracing to see what I could see.
I get the expected: 404 thrown by IIS Web Core.
Then a few steps later the CustomerErrorModule starts, but it fails with a 500 error. The detailed message is
ConfigExceptionInfo:
\?\C:.....\MyApp\web.config ( 89)
:This configuration section cannot be
used at this path. This happens when
the section is locked at a parent
level. Locking is either by default
(overrideModeDefault="Deny"), or set
explicitly by a location tag with
overrideMode="Deny" or the legacy
allowOverride="false".
I've tried walking up the '.config' stack, and haven't found any references to overrideMode="Deny"
Any help would be awesome. Totally stuck now.
Thanks:
Dylan
This has to do with the lifecycle of a request within IIS. In your case where there is no handler mapped, the 404 is recognized before the ASP dlls are even called into play. For items that are not explicitly identified in IIS as requiring Asp.Net, the IIS 404 error will fire and ignore any directives within Asp.Net. Even if a wild-card is applied to the all extensions, this wild-card is only called if IIS does not detect a 404 first. This includes directories and all file extensions not handled explicitly by .Net. So if you attempt to go to http://mydomain.com/images/someimage.gif and that file does not exist, you will not receive a .Net 404 error handler. If you change .gif to .aspx the handler will subsequently fire. The only method I have seen that adequately responds to this is to change all of your 404 handlers within IIS to redirect to a URL file on your local site. It will pass an aspxerror querystring, but if you put a ?error= in your url declaration, you will be able to add specific information.
One other thing I tried, though I'm not sure I tried it correctly, is reassigning the mapping for the file within IIS. We defined that Asp.Net should handle all requests for .gif at one point. The problem I had is that an image didn't come out, a Base64 encoding (I think?) text came out. Being under a deadline I did not pursue this as the simpler solution was to use the IIS custom errors mappings.
Have your tried unlocking the configuration section in the applicationhost.config?
<location path="example.net" overrideMode="Allow">
<system.webServer>
<httpErrors>
</httpErrors>
</system.webServer>
</location>
Reference: http://learn.iis.net/page.aspx/124/introduction-to-applicationhostconfig/#Locking
Just a stab in the dark, try adding this attribute to the httpErrors element:
existingResponse="PassThrough"
For example:
<httpErrors existingResponse="PassThrough"
defaultResponseMode="Redirect"
errorMode="DetailedLocalOnly">
I have asp.net site with custom 404.htm.
It is configured with customErrors section to handle aspx.
<customErrors mode="On" defaultRedirect="404.htm">
<error statusCode="403" redirect="404.htm" />
<error statusCode="404" redirect="404.htm" />
</customErrors>
<system.webServer>
<httpErrors>
<error statusCode="404" path="404.htm" />
<error statusCode="500" path="404.htm" />
</httpErrors>
<modules runAllManagedModulesForAllRequests="true">
...
</system.webServer>
It handles wrongname.aspx well. But for non-aspx requests such as wrongname.htm IIS7 still returns generic error message, not my custom. How to force him do that, say, for all errors for this site, including 500? Should I write a module or it is possible declaratively?
You can set custom error pages for most of the HTTP errors through the IIS settings for your website. (In IIS 5 this is the Properties->Custom Errors tab, not sure where you'd find it for IIS7)
In order for the custom 404 to apply the approrpiate bit of IIS has to be set up to handle the extension that you are using.
For the integrated pipeline in IIS7 I thought (though IIS7 makes one's life interesting) that the default was to process all extensions.
First check whether you've got the app running in Classic or Integrated - if the former then that will be part of the problem, if the latter.... I have to work this out every time (I don't do it enough).
When testing locally, iis7 will tend to show you a generic error message unless you add an attribute to httpErrors, errorMode="Custom". You'll need to edit C:\Windows\System32\inetsrv\config\applicationHost.config to allow this.