ASP.NET Custom Error Page Not Displayed for Abnormal URLs

A vulnerability scanning service regularly tests our site for PCI scan compliance. It has just started trying to access URLs with abnormal formatting, such as:

http://www.mydomain.com/ShoppingCart.aspx//ErrorPage.aspx%3fid%3d2?

We have a Custom Error Page set which works for everything except this. Is there any way to force IIS to display it for this type of URL?

The Error: Runtime Error - An application error occurred on the server....

We're using:

• ASP.NET 2.0 (Framework 3.5)
• 开发者_如何学CIIS 7.0 (Windows Server Web 2008)

I've tried to debug this, but I can't reproduce this on IIS 6.0.

There might be a more simple solution, but if you're on IIS7 you can use URL Rewrite to match those type of URLs and map them back to your error page.

The %3f part isn't being parsed by IIS 7 and so it can't find the page. If you look in your site logs you'll probably see some 404's.

You'll need to configure IIS 7 to point to your errorpage.aspx file as it's default 404 page.