Wes*_*101 6 c# asp.net security web-config http-status-codes
我正在尝试确保出于安全原因不向用户发送任何非标准错误消息.通常我有标准的错误消息设置,它工作得很好.我在web.config中使用这些标记:
<httpErrors errorMode="Custom">
<remove statusCode="404" subStatusCode="-1"/>
<remove statusCode="401" subStatusCode="-1"/>
<remove statusCode="403" subStatusCode="-1"/>
<remove statusCode="501" subStatusCode="-1"/>
<remove statusCode="400" subStatusCode="-1"/>
<remove statusCode="411" subStatusCode="-1"/>
<error statusCode="403" path="/ErrorPages/UnAuthorized.aspx" responseMode="ExecuteURL"/>
<error statusCode="404" path="/ErrorPages/Oops.aspx" responseMode="ExecuteURL"/>
<error statusCode="501" path="/ErrorPages/Oops.aspx" responseMode="ExecuteURL"/>
<error statusCode="400" path="/ErrorPages/Oops.aspx" responseMode="ExecuteURL"/>
<error statusCode="411" path="/ErrorPages/Oops.aspx" responseMode="ExecuteURL"/>
<error statusCode="400" path="/Account/Login.aspx" responseMode="ExecuteURL"/>
</httpErrors>
我遇到的问题是有人指出,一些403,400,501错误消息仍然没有被重定向.
导致此问题的网址是:
www.example.com/con/ - asp.net error
wwww.example.com/..%5CStorage%5CDocuments%5C8849145d-174a-41ab-9676-0ae19d6ab741 - 403 error
来自无效内容长度的411个错误.
小智 12
您使用的是VisualStudio Development Server还是IIS7 Express?如果您正在使用它,那么您应该尝试:
<customErrors mode="On" >
<error statusCode="503" redirect="/Views/Shared/Error.htm"/>
</customErrors>
如果没有,试试这个:
<httpErrors existingResponse="Replace" defaultResponseMode="Redirect" errorMode="Custom">
<remove statusCode="501"/>
<error statusCode="501" responseMode="Redirect" path="/ErrorPages/Oops.aspx"/>
</httpErrors>