For security reasons (not to show .net framework version), I want to be sure that the asp.net yellow page (error page) is never displayed to a visitor.
What is the best practice?
Note that i used Custom as error mode for the httperrors but then:
- Do I have to declare all potential http errors? I could forget a status...
- Better way?
Sample of my web.config:
<httpErrors errorMode="Custom">
<remove statusCode="502" subStatusCode="-1" />
<remove statusCode="501" subStatusCode="-1" />
<remove statusCode="412" subStatusCode="-1" />
<remove statusCode="406" subStatusCode="-1" />
<remove statusCode="405" subStatusCode="-1" />
<remove statusCode="403" subStatusCode="-1" />
<remove statusCode="401" subStatusCode="-1" />
<remove statusCode="400" subStatusCode="-1" />
<remove statusCode="404" subStatusCode="-1" />
<remove statusCode="500" subStatusCode="-1" />
<error statusCode="404" path="/404Page.aspx" responseMode="ExecuteURL" />
<!-- ETC error for each status .... -->
</httpErrors>
This is what i have in my web.config for a project. It catches pretty much everything... You can have as many custom error codes as you want using this method.
<customErrors mode="On" defaultRedirect="pgError.aspx">
<error statusCode="504" redirect="pgNoConnection.aspx"/>
</customErrors>
I think that specifying a defaultRedirect would cause any error code to be redirected to this default page.
On this example all http error codes are redirected to GenericError.htm except for 500, that is redirected to InternalError.htm. You can remove the line that cause a different redirection to status code 500 and all error would go to the same page.
<configuration>
<system.web>
<customErrors defaultRedirect="GenericError.htm"
mode="RemoteOnly">
<error statusCode="500"
redirect="InternalError.htm"/>
</customErrors>
</system.web>
</configuration>
Here you have the complete MSDN reference for customErrors section
For not getting yellow page follow this steps copied from this Microsoft article:
(1) Design you custom Error page e.g Error.aspx
(2) With the error page completed, configure the web application to use the custom error page in lieu of the Runtime Error YSOD. This is accomplished by specifying the URL of the error page in the section's defaultRedirect attribute. Add the following markup to your application's Web.config file:
<configuration>
...
<system.web>
<customErrors mode="RemoteOnly"
defaultRedirect="~/ErrorPages/Oops.aspx" />
...
</system.web>
</configuration>
(3) By default, all types of errors cause the same custom error page to be displayed. However, you can specify a different custom error page for a specific HTTP status code using children elements within the section. For example, to have a different error page displayed in the event of a page not found error, which has an HTTP status code of 404, update the section to include the following markup:
<customErrors mode="RemoteOnly" defaultRedirect="~/ErrorPages/Oops.aspx">
<error statusCode="404" redirect="~/ErrorPages/404.aspx" />
</customErrors>
Related
I have custom error pages setup on an ASP.NET website.
There is one error that is not showing a custom error page, and just showing the usual yellow ASP.NET error page. If custom errors are turned on it shows "Server error in / application" / "Runtime error", but if custom errors are off it shows "validation of viewstate mac failed" error.
The relevant parts of my web.config are:
<system.web>
<compilation debug="false" targetFramework="4.0" />
<customErrors mode="On" redirectMode="ResponseRewrite">
<error statusCode="404" redirect="/404.aspx" />
<error statusCode="500" redirect="/500.aspx" />
</customErrors>
<system.webServer>
<httpErrors errorMode="DetailedLocalOnly" />
To trap for this error do I have to use a different status code or substatuscode or is there something else?
NB. Server 2008 R2, IIS 7.
After further research I see that this means that IIS is displaying the error rather than ASP.NET.
I changed the system.webServer part of my web.config so IIS can also use the custom error page and that has solved the problem.
<system.webServer>
<httpErrors errorMode="Custom" existingResponse="Replace">
<remove statusCode="500" subStatusCode="-1" />
<error statusCode="500" subStatusCode="-1" responseMode="ExecuteURL" path="/500.aspx" />
</httpErrors>
Currently I am using UrlRewritingNet.UrlRewrite dll for URL rewriting in Asp.Net #3.5.
Without using any special character it works fine ex. URL1.
But after giving special characters in URL it throws Bad Request error ex. URL2
URL1: http://www.example.com/search/0253
URL2: http://www.example.com/search/0253:0253
To handle this error, I want to redirect it to some other Error Page, How can I do this?
On IIS 7+ you can define error pages for all statuses, for 400 Bad Request :
<httpErrors>
<error statusCode="400" path="/bad-request.aspx" prefixLanguageFilePath="" responseMode="ExecuteURL"/>
</httpErrors>
or trough IIS console go to the error pages and add custom error page for status code 400 :
The best way is by using Web.config file like
<system.web>
<!-- other system.web stuff -->
<customErrors defaultRedirect="/Error404.aspx" mode="On" redirectMode="ResponseRewrite">
<error redirect="/Error404.aspx" statusCode="404" />
</customErrors>
</system.web>
<system.webServer>
<!-- other system.webServer stuff -->
<httpErrors errorMode="Custom">
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" prefixLanguageFilePath="" path="/Error404.aspx" responseMode="ExecuteURL" />
</httpErrors>
</system.webServer>
For more details click here
i have successfully added a custom 404 page. what I want to do is to create another custom error page that is displayed when there is any error other than 404. e.g. 500, 403 etc.
this is what I have right now in webconfig
<httpErrors errorMode="Custom" existingResponse="Replace">
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" path="/404.aspx" responseMode="ExecuteURL"/>
</httpErrors>
Oh, my. I cannot believe I could not find a proper answer for this simple question! Nevertheless, after 2 hours of reading the docs and debugging, I found it.
<httpErrors errorMode="Custom" existingResponse="Auto" defaultResponseMode="ExecuteURL" defaultPath="/App/Error"> <!-- Do not include ~, this was my issue all long -->
<clear/> <!-- so that IIS provided error pages are skipped -->
<!-- add those which you like to provide a view of yours -->
<error path="/App/Http404" responseMode="ExecuteURL" statusCode="404"/>
<error path="/App/Http503" responseMode="ExecuteURL" statusCode="503"/>
</httpErrors>
Beaware that <httpErrors> configures IIS, while <customErrors> configures ASP.NET and some older versions of IIS (<=6?).
You can use customErrors in webconfig :
<customErrors mode="On" defaultRedirect="~/DefaultError.aspx?msg=SomeMessage">
<error statusCode="404" redirect="~/PageNotFound.html"/>
<error statusCode="403" redirect="~/AccessDenied.html"/>
</customErrors>
So I've set up a rule in IIS7 to redirect to a specific page on a 404 error.
This works great as long as I'm typing URLs such as:
www.abc.com/Test/
However as soon as I attempt to access a file that doesn't exist
www.abc.com/Test/Test.aspx
I get the ASP.Net error message:
Server Error in '/' Application.
The resource cannot be found.
How can I keep ASP.Net from swallowing the 404 error and overriding my settings in IIS7?
EDIT: Here's my web.config file. IIS added the system.webServer stuff not me.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
<system.webServer>
<httpErrors>
<remove statusCode="403" subStatusCode="-1" />
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" prefixLanguageFilePath="" path="/redir.aspx" responseMode="ExecuteURL" />
<error statusCode="403" prefixLanguageFilePath="" path="/redir.aspx" responseMode="ExecuteURL" />
</httpErrors>
</system.webServer>
</configuration>
If you're in Classic pipeline mode, you may be able to use the "Invoke handler only if request is mapped to file" option. I had to turn it on for two .aspx mappings--I think one was 32 bit and one was 64.
I have an ASP.Net website and I want to use a custom error page. I put the following code in my web.config
<customErrors mode="On" defaultRedirect="~/error.aspx">
<error statusCode="404" redirect="~/error.aspx" />
</customErrors>
The problem is when i go to a URL that does not exist is still uses the 404 error page specified in IIS Manager.
Question: How can I make it use the error.aspx page I have created? Why do the settings in IIS Manager override the web.config?
Try this way, almost same.. but that's what I did, and working.
<configuration>
<system.web>
<customErrors mode="On" defaultRedirect="apperror.aspx">
<error statusCode="404" redirect="404.aspx" />
<error statusCode="500" redirect="500.aspx" />
</customErrors>
</system.web>
</configuration>
or try to change the 404 error page from IIS settings, if required urgently.
There are 2 ways to configure custom error pages for ASP.NET sites:
Internet Information Services (IIS) Manager (the GUI)
web.config file
This article explains how to do each:
How To Set Up Custom Error Pages In IIS 7.5 With ASP.NET
The reason your error.aspx page is not displaying might be because you have an error in your web.config. Try this instead:
<configuration>
<system.web>
<customErrors defaultRedirect="error.aspx" mode="RemoteOnly">
<error statusCode="404" redirect="error.aspx"/>
</customErrors>
</system.web>
</configuration>
You might need to make sure that Error Pages in IIS Manager - Feature Delegation is set to Read/Write:
Also, this answer may help you configure the web.config file:
What is the difference between customErrors and httpErrors?
<customErrors defaultRedirect="~/404.aspx" mode="On">
<error statusCode="404" redirect="~/404.aspx"/>
</customErrors>
Code above is only for "Page Not Found Error-404" if file extension is known(.html,.aspx etc)
Beside it you also have set Customer Errors for extension not known or not correct as
.aspwx or .vivaldo. You have to add httperrors settings in web.config
<httpErrors errorMode="Custom">
<error statusCode="404" prefixLanguageFilePath="" path="/404.aspx" responseMode="Redirect" />
</httpErrors>
<modules runAllManagedModulesForAllRequests="true"/>
it must be inside the <system.webServer> </system.webServer>
<system.webServer>
<httpErrors errorMode="DetailedLocalOnly">
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" prefixLanguageFilePath="" path="your page" responseMode="Redirect" />
</httpErrors>
</system.webServer>
Is it a spelling error in your closing tag ie:
</CustomErrors> instead of </CustomError>?