将用户重定向到自定义错误页面 [英] Redirect user to custom error page

问题描述

当用户尝试从URL（www.mydomain.com/foldername）键入任何文件夹时，浏览器会抛出以下服务器错误403 - 禁止访问：访问被拒绝。。有了这条消息，攻击者就可以知道存在这样的文件夹名称，可能会尝试攻击或探索它。如果有任何403错误，我希望用户重定向到我们的自定义错误页面（或找不到404页面）。为此，我在web.config文件中进行了以下设置。

Hi,

When user tries typing any folder from URL (www.mydomain.com/foldername), browser throws following server error "403 - Forbidden: Access is denied.". With this message, attacker can get an idea that there exists such folder name and might try attacking or exploring it. When there is any 403 error, I wanted user to redirect to our custom error page (or 404 Page not found). To achieve this, I have made below settings within my web.config file.

<httpErrors errorMode="Custom" defaultResponseMode="ExecuteURL" defaultPath="Common/Error/ErrorHandler.aspx" >
        <remove statusCode="403" />
        <error statusCode="403" path="Common/Error/ErrorHandler.aspx" responseMode="ExecuteURL" />
</httpErrors>

但是通过此设置，我收到HTTP 500错误消息，其中包含以下详细信息。

最有可能的原因：

•网站正在维护。

•网站有编程错误。



设置是否不正确或是否已经实现了相对路径的任何问题？

But with this settings, I get HTTP 500 error message with below details.
Most likely causes:
•The website is under maintenance.
•The website has a programming error.

Is the settings made incorrect or is there any issue with the relative path thats been implemented?

推荐答案

使用web-config-custom-httperrors [ ^ ]作为参考，我注意到你的配置与那里所描述的不同。我不完全确定它是否相关，但你在删除语句中缺少 subStatusCode = - 1。

Using web-config-custom-httperrors[^] as a reference, I noticed a small difference in your config from what is described there. I'm not entirely sure if it is relevant at all, but you are missing subStatusCode="-1" in your remove statement.

这篇关于将用户重定向到自定义错误页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！