Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Faraz Ahmed 2 posts 72 karma points
    Dec 14, 2020 @ 11:46
    Faraz Ahmed
    0

    Verbose Error Message

    Hi Team,

    We have developed website using Umbraco version 8, now before deploy on Production server our client ran the security Scan using Qualys Security Tool.

    Now the report showing the Verbose Error Message vulnerability by hitting the below URL and also website is getting crashed when we put the same URL on browser. enter image description here

    I also set the disableAlternativeTemplates="true" property to true and assuming the browser should show the 404 custom page.

    My working page URL is http://localhost:97/en/myparkservice

    Any help would be highly appreciated.

    Thanks

    Copy Link
  • Huw Reddick 335 posts 1007 karma points
    Dec 16, 2020 @ 09:09
    Huw Reddick
    0

    You need to set the customErrors mode to either "On" or "RemoteOnly" in your web.config file

    Copy Link
  • Faraz Ahmed 2 posts 72 karma points
    Dec 16, 2020 @ 11:04
    Faraz Ahmed
    0

    Hi Huw Reddick,

    Thank you for your reply, I have already set the customErrors to "RemoteOnly" and from out site the server it is showing the 505 custom Page which is fine. But I am assuming that this should return the 404 Error page note found message instead of 505 internal server issue. enter image description here

    Can you please assist.

    Thanks.

    Copy Link
  • Huw Reddick 335 posts 1007 karma points
    Dec 16, 2020 @ 11:18
    Huw Reddick
    0

    I would change your custom error to this

    The error you are getting is coming from the IIS pipeline rather than Umbraco, to trap it nicely you need to add the following error handler

    <system.webserver>
    <httpErrors errorMode="RemoteOnly" existingResponse="Replace">
      <remove statusCode="500" />
      <error statusCode="500" path="error-500.html" responseMode="File" />
    </httpErrors>
</system.webserver>

    It is not reaching the system.web handler because that is errored before getting to that handler.

    do not us a relative url like ~/ place the html error file in the root of your site.

    However, you really should try to work out what is causing the error and fix it rather than just hide it.

    Copy Link
  • Huw Reddick 335 posts 1007 karma points
    Dec 16, 2020 @ 11:47
    Huw Reddick
    0

    oops sorry the errorMode should be DetailedLocalOnly or Custom not RemoteOnly

    Copy Link

  • This forum is in read-only mode while we transition to the new forum.

    You can continue this topic on the new forum by tapping the "Continue discussion" link below.

Please Sign in or register to post replies