Some of the original error pages in ASP. NET are exposed Source code Which brings potential security risks.
ASP. NET allows applications Program When an error occurs, the page specified by the user is displayed by modifying the configuration information in the web. config file.
<? XML version = "1.0" encoding = "UTF-8" ?>
< Configuration >
< System . Web >
< Customerrors Mode = "On" Defaultredirect = "Errorpage.htm" />
</ System. Web >
</ Configuration >
The configuration information clearly indicates that the custom page errorpage.htm is displayed when the application is incorrect. Because each application has its own web. config configuration file, the applications do not interfere with each other.
The mode attribute indicates whether to enable Custom User pages. It can have three values, as shown below:
On enable custom error page
Off disabled custom error page
Remoteonly enables custom error pages, but only displays them to remote users.
The defaultredirect attribute indicates the file name of the custom error page.
<! -- Custom error message
You can set the customerror mode Value to control
The user displays user-friendly error information instead of error details (including stack trace information ):
"On" always displays custom (friendly) Information
"Off" always displays detailed ASP. NET error messages.
"Remoteonly" only applies
The user displays custom (friendly) information. For security purposes, we recommend that you use this setting
The details of the application are not displayed to the remote client.
-->
Note!
The default value is <customerrors mode = "remoteonly"/> only for remote users
Change to <customerrors mode = "on" defaultredirect = "errorpage.htm"/>
The custom page is always displayed, without the detailed information of the program!