Specify error pages in ASP. NET to prevent code leakage!

Source: Internet
Author: User
Some of the original error pages in ASP. NET are exposed Source code Which brings potential security risks.

ASP. NET allows applications Program When an error occurs, the page specified by the user is displayed by modifying the configuration information in the web. config file.

<? XML version = "1.0" encoding = "UTF-8" ?>

< Configuration >

 

< System . Web >


< Customerrors Mode = "On" Defaultredirect = "Errorpage.htm"   />


</ System. Web >

 

</ Configuration >

The configuration information clearly indicates that the custom page errorpage.htm is displayed when the application is incorrect. Because each application has its own web. config configuration file, the applications do not interfere with each other.

The mode attribute indicates whether to enable Custom User pages. It can have three values, as shown below:

On enable custom error page

Off disabled custom error page

Remoteonly enables custom error pages, but only displays them to remote users.

The defaultredirect attribute indicates the file name of the custom error page.


<! -- Custom error message

You can set the customerror mode Value to control

The user displays user-friendly error information instead of error details (including stack trace information ):

"On" always displays custom (friendly) Information

"Off" always displays detailed ASP. NET error messages.

"Remoteonly" only applies

The user displays custom (friendly) information. For security purposes, we recommend that you use this setting

The details of the application are not displayed to the remote client.

-->

Note!

The default value is <customerrors mode = "remoteonly"/> only for remote users

Change to <customerrors mode = "on" defaultredirect = "errorpage.htm"/>

The custom page is always displayed, without the detailed information of the program!

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.