Menu
We currently has a page that is used to display a generic error message when errors occur on our website. It has no functionality at all other than displaying a label that mentions there was an error.
Here is my issue, our client has ran a security review and tells us our error page contains phishing due to the URL in the query string, now I don't consider this a problem, but to put an end to the question, I'd like to remove the query string.
My web.config entry is this:
<customErrors mode="On" defaultRedirect="~/DefaultErrorPage.aspx">
</customErrors>
When an error occurs, it goes to DefaultErrorPage.aspx?aspxerrorpath=/Website1/LastPage.aspx
How can I prevent this? However, I could just redirect to the page if it contains the query, but I'm more looking for a way to prevent the query string instead of an extra redirection.
492
The aspxerrorpath parameter is passed if the error was caught by . NET (and the error page specified in web. config is used). This happens if you're using the development web server, or if IIS is configured not to check that the file exists.
The <customErrors> section in Web. config has two attributes that affect what error page is shown: defaultRedirect and mode . The defaultRedirect attribute is optional. If provided, it specifies the URL of the custom error page and indicates that the custom error page should be shown instead of the Runtime Error YSOD.
you could catch/handle all errors in your global.asax file instead and do the redirect there
protected void Application_Error(object sender, EventArgs e)
{
//Exception ex = Server.GetLastError();
Server.Transfer("~/DefaultErrorPage.aspx");
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
