开发者

ASP.NET Custom Error Page Not Displayed for Abnormal URLs

A vulnerability scanning service regularly tests our site for PCI scan compliance. It has just started trying to access URLs with abnormal formatting, such as:

http://www.mydomain.com/ShoppingCart.aspx//ErrorPage.aspx%3fid%3d2?

We have a Custom Error Page set which works for everything except this. Is there any way to force IIS to display it for this type of URL?

The Error: Runtime Error - An application error occurred on the server....

We're using:

I've tried to debug this, but I can't reproduce this on IIS 6.0.


There might be a more simple solution, but if you're on IIS7 you can use URL Rewrite to match those type of URLs and map them back to your error page.


The %3f part isn't being parsed by IIS 7 and so it can't find the page. If you look in your site logs you'll probably see some 404's.

You'll need to configure IIS 7 to point to your errorpage.aspx file as it's default 404 page.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜