将用户重定向到自定义错误页面 [英] Redirect user to custom error page
问题描述
当用户尝试从URL(www.mydomain.com/foldername)键入任何文件夹时,浏览器会抛出以下服务器错误403 - 禁止访问:访问被拒绝。。有了这条消息,攻击者就可以知道存在这样的文件夹名称,可能会尝试攻击或探索它。如果有任何403错误,我希望用户重定向到我们的自定义错误页面(或找不到404页面)。为此,我在web.config文件中进行了以下设置。
Hi,
When user tries typing any folder from URL (www.mydomain.com/foldername), browser throws following server error "403 - Forbidden: Access is denied.". With this message, attacker can get an idea that there exists such folder name and might try attacking or exploring it. When there is any 403 error, I wanted user to redirect to our custom error page (or 404 Page not found). To achieve this, I have made below settings within my web.config file.
<httpErrors errorMode="Custom" defaultResponseMode="ExecuteURL" defaultPath="Common/Error/ErrorHandler.aspx" >
<remove statusCode="403" />
<error statusCode="403" path="Common/Error/ErrorHandler.aspx" responseMode="ExecuteURL" />
</httpErrors>
但是通过此设置,我收到HTTP 500错误消息,其中包含以下详细信息。
最有可能的原因:
•网站正在维护。
•网站有编程错误。
设置是否不正确或是否已经实现了相对路径的任何问题?
But with this settings, I get HTTP 500 error message with below details.
Most likely causes:
•The website is under maintenance.
•The website has a programming error.
Is the settings made incorrect or is there any issue with the relative path thats been implemented?
推荐答案
使用web-config-custom-httperrors [ ^ ]作为参考,我注意到你的配置与那里所描述的不同。我不完全确定它是否相关,但你在删除语句中缺少 subStatusCode = - 1
。
Using web-config-custom-httperrors[^] as a reference, I noticed a small difference in your config from what is described there. I'm not entirely sure if it is relevant at all, but you are missing subStatusCode="-1"
in your remove statement.
这篇关于将用户重定向到自定义错误页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!