views:

1763

answers:

3

In IIS I can configure my custom error pages.
For each HTTP Error code I can say where to go. Several codes have a number of "sub" codes available. For example 404 has a regular 404, 404;1, 404;2 and so on..

What are they for? When are they returned? Should I make custom pages for these errors? Can I somehow easely configure all code "families" to come to the same page?

+5  A: 

401 - Access denied. IIS defines several different 401 errors that indicate a more specific cause of the error. These specific error codes are displayed in the browser but are not displayed in the IIS log:

  • 401.1 - Logon failed.
  • 401.2 - Logon failed due to server configuration.
  • 401.3 - Unauthorized due to ACL on resource.
  • 401.4 - Authorization failed by filter.
  • 401.5 - Authorization failed by ISAPI/CGI application.
  • 401.7 – Access denied by URL authorization policy on the Web server (This error code is specific to IIS 6.0.)

Here is the complete list in the MSDN documentation.

If you want to show your visitors or users a nice custom message depending on these subcode, you could do it. But you needn't.

splattne
Thanks, the dot was the missing link ;) I googled them with a ';' as they are represented that way in IIS.Any answers on my subsequent questions?
borisCallens
A: 

This blog article appears to explain a lot of this. Perhaps it can be of help? At the very least, it explains the meaning of the 'sub-codes'.

Daan
+1  A: 

"Substatus" error codes are specific to IIS. They are for "internal" logging purposes - whatever the substatus code, it is the the parent error that gets returned to the client (404.2 gets sent back as 404)

They were implemented specifically to reduce the surface area of attack of IIS whilst still providing sysadmins with a meaningful amount of data. Therefore you actively should not send back specific substatus error messages as you will be opening your IIS installation to possible attack.

Reference

iAn