Specify error pages in ASP. NET to prevent code leakage!

Some of the original error pages in ASP. NET are exposed Source code Which brings potential security risks.

ASP. NET allows applications Program When an error occurs, the page specified by the user is displayed by modifying the configuration information in the web. config file.

<? XML version = "1.0" encoding = "UTF-8" ?>

< Configuration >

 

< System . Web >


< Customerrors Mode = "On" Defaultredirect = "Errorpage.htm"   />


</ System. Web >

 

</ Configuration >

The configuration information clearly indicates that the custom page errorpage.htm is displayed when the application is incorrect. Because each application has its own web. config configuration file, the applications do not interfere with each other.

The mode attribute indicates whether to enable Custom User pages. It can have three values, as shown below:

On enable custom error page

Off disabled custom error page

Remoteonly enables custom error pages, but only displays them to remote users.

The defaultredirect attribute indicates the file name of the custom error page.

<! -- Custom error message

You can set the customerror mode Value to control

The user displays user-friendly error information instead of error details (including stack trace information ):

"On" always displays custom (friendly) Information

"Off" always displays detailed ASP. NET error messages.

"Remoteonly" only applies

The user displays custom (friendly) information. For security purposes, we recommend that you use this setting

The details of the application are not displayed to the remote client.

-->

Note!

The default value is <customerrors mode = "remoteonly"/> only for remote users

Change to <customerrors mode = "on" defaultredirect = "errorpage.htm"/>

The custom page is always displayed, without the detailed information of the program!