为什么在ASP.NET错误页面返回404只要aspxerrorpath查询字符串是present？ [英] Why does the ASP.NET error page return 404 as soon as the aspxerrorpath querystring is present?

问题描述

我如下配置ASP.NET应用程序：

I have configured an ASP.NET application as follows:

<customErrors mode="RemoteOnly" defaultRedirect="~/Error.aspx"/>

当我浏览到〜/ Error.aspx文件的服务器返回200和页面呈现。但是，如果用户被重定向到错误页面查询字符串附加到路径：

When I browse to the ~/Error.aspx file the server returns 200 and the page is rendered. But if the user is redirected to the error page a querystring is appended to the path:

/Error.aspx?aspxerrorpath=/Test.aspx

/Error.aspx?aspxerrorpath=/Test.aspx

但每当这个查询字符串中使用的服务器不呈现错误页面，而是使用服务器的自定义错误页返回404，不Error.aspx

But whenever this querystring is used the server doesn't render the error page, instead it returns a 404 using the server's custom error page, not Error.aspx

为什么没有在web.config设置结果在〜/ Error.aspx被渲染？

Why doesn't the web.config setting result in ~/Error.aspx being rendered?

推荐答案

我相信我已经找到了问题所在。由于最近ASP.NET安全漏洞（的看到斯科特Guthrie的帖子），建议的措施之一是把在禁止的任何URL与查询字符串一则URLScan规则aspxerrorpath =在里面。因此，您的网址是切断它甚至到达ASP.NET之前并返回默认的404。

I believe I've tracked down the problem. Due to a recent ASP.NET security vulnerability (see Scott Guthrie's post), one of the recommended actions was to put in a URLScan rule that prohibits any urls with a querystring with "aspxerrorpath=" in it. So your url is cut off before it even gets to ASP.NET and a default 404 is returned.

要检查，如果这是你的问题，你可以在aspxerrorpath = XX在您的网站的任何页面的URL，它应该返回404错误。

To check if this is your problem, you can "aspxerrorpath=xx" to ANY page url on your site, and it should return a 404 error.

现在，一个补丁已经发布了修复在asp.net这个漏洞，您应该能够摆脱规则，然后你的错误页面重定向应该重新工作。

Now that a patch has been released to fix this vulnerability in asp.net, you should be able to get rid of that rule and then your error page redirects should work again.

这篇关于为什么在ASP.NET错误页面返回404只要aspxerrorpath查询字符串是present？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！