I write custom error pages for my MVC 5 web app. That's why I extended my web.config:
<customErrors mode="On" defaultRedirect="~/Error/" >
<error redirect="~/Error/?code=404" statusCode="404" />
</customErrors>
My Index action is called properly but I want to know the called url that was not found. How can I get it?
Related
In my application (Asp.Net web api) if the attacker inserts arbitrary text after in the api url then that text is displayed in the 404 error page. This can be used by attacker to trick the users to click on custom links or for phishing attacks.
I want to block any arbitrary text from showing up on error page like this. Point to note here, we have not implemented GUID based error messaging in application.
In order to set up a custom 404 error page add the following to web.config inside <system.web></system.web>:
<customErrors mode="On" redirectMode="ResponseRewrite">
<error statusCode="404" redirect="~/404.html"/>
</customErrors>
I’ve set mode="On" so we can view the custom errors pages locally. Generally you would only want to display these in production so would set mode="RemoteOnly"
Then add also custom error pages in IIS (note that this only works in IIS 7+). In web.config add the following inside <system.webServer></system.webServer>:
<httpErrors errorMode="Custom">
<remove statusCode="404"/>
<error statusCode="404" path="/404.html" responseMode="File"/>
</httpErrors>
If it doesn't help, as I don't know the architecture of your application, you should go for a route matching solution:
Implementing a smart IHttpRouteConstraint
Applying the constraint to attribute routing
Applying the constraint to centralized routing
here are the details of the implementation:
https://www.strathweb.com/2014/10/route-matching-overriding-404-asp-net-web-api/
I have custom errors set in web.config for a 404 error and in IIS.
My custom error page works ok.
I want to be able to go to my custom error page from a page load event.
If I throw a 404 using
throw new HttpException(404, "Not found");
I get to the custom error page but looking at the responses I get a 302 found and a 301 permanent redirect then a 404 generated.
How can I remove the 302 and 301?
I have tried Response.Clear() before throwing the exception and also Response.StatusCode=404.
By default when there's an HTTP error IIS will redirect with a 302 to the error page.
You can tell IIS to instead rewrite the response with the defined error page in the web.config :
With the customErrors tag :
<system.web>
<customErrors redirectMode="ResponseRewrite">
<error statusCode="404" redirect="~/Error404.aspx"/>
</customErrors>
</system.web>
This works only with aspx pages, not with ASP.NET MVC
with the httpErrors tag :
<system.webServer>
<httpErrors errorMode="Custom" existingResponse="Replace">
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" path="/Error404.aspx" responseMode="ExecuteURL"/>
</httpErrors>
</system.webServer>
With httpErrors you can't use ~/ to reference the root of the application, but it'll work with / if your application is not hosted as a sub application in IIS
I am trying to get a message page to display a custom message if the visitor browses to a page eg. nothere.cshtml or to a none existing folder eg. /folder/nothere/
I would like to keep the url visible and not do a redirect
I have tried the following in system.web
<customErrors defaultRedirect="~/message.cshtml" mode="On" redirectMode="ResponseRewrite">
<error statusCode="404" redirect="~/message.cshtml" />
</customErrors>
And the following in system.webserver
<httpErrors>
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" prefixLanguageFilePath="" path="/message.cshtml" responseMode="ExecuteURL" />
</httpErrors>
But I get a Server error in "/" application for a file and a standard 404 error message when browsing to a directory that do not exist.
I am able to make a custom error message using the normal responseRedirect but then the URL are not kept original
Anybody?
I've tried some ways to deploy my custom error page (e.g. error.aspx) onto my website:
Added customErrors: <customErrors mode="On"
defaultRedirect="error.aspx" />
Added httpError: <httpErrors>
<remove statusCode="404" subStatusCode="-1" /> <error
statusCode="404" prefixLanguageFilePath="" path="error.aspx"
responseMode="ExecuteURL" /> </httpErrors>
Currently, I can point this URL to my custom error page:
http://test.localdev.net/random_text.aspx
However, I failed for those kind of URL (unsupported extension), for these URLs IIS will use its own 404 page:
http://test.localdev.net/Default.random
Could anyone help me to fix it?
Thanks
are you using iis7 or later in integrated mode? Otherwise I think you need to configure error pages in iis itself.
I'd like all errors to go to the same error page. I did initially try the error tag with statuscodes. That works fine but I'd rather not have to specify so any statuscodes and still have every error go to one page. The problem is that if I remove the statuscode entries, a 404 goes to the server's 404 page and not my error page.
Is there some way to configure all errors to go to the same page?
You should change your web.config and add the customErrors element. You can then set the default redirect to a signle page
For Example
<customErrors mode="On" defaultRedirect="Error.aspx">
</customErrors>
You can refer to the MSDN article
http://msdn.microsoft.com/en-us/library/h0hfz6fc.aspx
On IIS7, you can use the new httpErrors section
<system.webServer>
<httpErrors defaultPath="Error.aspx" defaultResponseMode="Redirect">
</httpErrors>
</system.webServer>
For more information
http://www.iis.net/ConfigReference/system.webServer/httpErrors
If I understand well, you need to send all errors to your custom error page, and the errors that iis7 gives (not only your program)
This is something that you need to setup on II7, but you can also setup it from web.config (but actually give instructions to ii7) Here is an example
<configuration>
<system.webServer>
<httpErrors errorMode="DetailedLocalOnly" defaultResponseMode="File" >
<remove statusCode="500" />
<error statusCode="500"
prefixLanguageFilePath="C:\Contoso\Content\errors"
path="500.htm" />
</httpErrors>
</system.webServer>
</configuration>
reference: http://www.iis.net/ConfigReference/system.webServer/httpErrors