为什么在ASP.NET错误页面返回404只要aspxerrorpath查询字符串是present? [英] Why does the ASP.NET error page return 404 as soon as the aspxerrorpath querystring is present?
问题描述
我如下配置ASP.NET应用程序:
I have configured an ASP.NET application as follows:
<customErrors mode="RemoteOnly" defaultRedirect="~/Error.aspx"/>
当我浏览到〜/ Error.aspx文件的服务器返回200和页面呈现。但是,如果用户被重定向到错误页面查询字符串附加到路径:
When I browse to the ~/Error.aspx file the server returns 200 and the page is rendered. But if the user is redirected to the error page a querystring is appended to the path:
/Error.aspx?aspxerrorpath=/Test.aspx
/Error.aspx?aspxerrorpath=/Test.aspx
但每当这个查询字符串中使用的服务器不呈现错误页面,而是使用服务器的自定义错误页返回404,不Error.aspx
But whenever this querystring is used the server doesn't render the error page, instead it returns a 404 using the server's custom error page, not Error.aspx
为什么没有在web.config设置结果在〜/ Error.aspx被渲染?
Why doesn't the web.config setting result in ~/Error.aspx being rendered?
推荐答案
我相信我已经找到了问题所在。由于最近ASP.NET安全漏洞(的看到斯科特Guthrie的帖子),建议的措施之一是把在禁止的任何URL与查询字符串一则URLScan规则aspxerrorpath =在里面。因此,您的网址是切断它甚至到达ASP.NET之前并返回默认的404。
I believe I've tracked down the problem. Due to a recent ASP.NET security vulnerability (see Scott Guthrie's post), one of the recommended actions was to put in a URLScan rule that prohibits any urls with a querystring with "aspxerrorpath=" in it. So your url is cut off before it even gets to ASP.NET and a default 404 is returned.
要检查,如果这是你的问题,你可以在aspxerrorpath = XX在您的网站的任何页面的URL,它应该返回404错误。
To check if this is your problem, you can "aspxerrorpath=xx" to ANY page url on your site, and it should return a 404 error.
现在,一个补丁已经发布了修复在asp.net这个漏洞,您应该能够摆脱规则,然后你的错误页面重定向应该重新工作。
Now that a patch has been released to fix this vulnerability in asp.net, you should be able to get rid of that rule and then your error page redirects should work again.
这篇关于为什么在ASP.NET错误页面返回404只要aspxerrorpath查询字符串是present?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!