I'm trying to ensure that no non-standard error messages are sent to a user for security reasons. Generally I have standard error messages setup and it works perfectly fine. I use these tags in the web.config:
<httpErrors errorMode="Custom">
<remove statusCode="404" subStatusCode="-1"/>
<remove statusCode="401" subStatusCode="-1"/>
<remove statusCode="403" subStatusCode="-1"/>
<remove statusCode="501" subStatusCode="-1"/>
<remove statusCode="400" subStatusCode="-1"/>
<remove statusCode="411" subStatusCode="-1"/>
<error statusCode="403" path="/ErrorPages/UnAuthorized.aspx" responseMode="ExecuteURL"/>
<error statusCode="404" path="/ErrorPages/Oops.aspx" responseMode="ExecuteURL"/>
<error statusCode="501" path="/ErrorPages/Oops.aspx" responseMode="ExecuteURL"/>
<error statusCode="400" path="/ErrorPages/Oops.aspx" responseMode="ExecuteURL"/>
<error statusCode="411" path="/ErrorPages/Oops.aspx" responseMode="ExecuteURL"/>
<error statusCode="400" path="/Account/Login.aspx" responseMode="ExecuteURL"/>
</httpErrors>
The problem I am having is it has been pointed out that some 403,400,501 error messages still don't get redirected.
The urls that cause this problem are:
www.example.com/con/ - asp.net error
wwww.example.com/..%5CStorage%5CDocuments%5C8849145d-174a-41ab-9676-0ae19d6ab741 - 403 error
and 411 errors from invalid content length.
Are you using VisualStudio Development Server or IIS7 Express? If you are using it then you should try with:
<customErrors mode="On" >
<error statusCode="503" redirect="/Views/Shared/Error.htm"/>
</customErrors>
If not, try this:
<httpErrors existingResponse="Replace" defaultResponseMode="Redirect" errorMode="Custom">
<remove statusCode="501"/>
<error statusCode="501" responseMode="Redirect" path="/ErrorPages/Oops.aspx"/>
</httpErrors>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With