A vulnerability scanning service regularly tests our site for PCI scan compliance. It has just started trying to access URLs with abnormal formatting, such as:

http://www.mydomain.com/ShoppingCart.aspx//ErrorPage.aspx%3fid%3d2?

We have a Custom Error Page set which works for everything except this. Is there any way to force IIS to display it for this type of URL?

The Error: Runtime Error - An application error occurred on the server....

We're using:

  • ASP.NET 2.0 (Framework 3.5)
  • IIS 7.0 (Windows Server Web 2008)

I've tried to debug this, but I can't reproduce this on IIS 6.0.

+1  A: 

There might be a simpler solution, but if you're on IIS7 you can use URL Rewrite to match those types of URLs and map them back to your error page.

Nate Bross
I still can't reproduce the problem -- even on our production system, but our scanning service isn't reporting the issue anymore. Thanks for your help!
triniMahn
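
One way to write the rule this answer describes, as an added example that is not part of the original thread. It assumes the URL Rewrite module 2.0 is installed (needed for `{UNENCODED_URL}`), that the custom error page lives at `/ErrorPage.aspx` in the site root, and that the application does not rely on PathInfo after `.aspx`; the rule name is hypothetical.

```xml
<!-- web.config fragment (added example; rule name and error page path are assumptions) -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Send requests shaped like the scanner's probe to the custom error page
             before ASP.NET tries to resolve the malformed path. -->
        <rule name="MalformedAspxPathToErrorPage" stopProcessing="true">
          <!-- Match every request; the conditions below do the filtering. -->
          <match url=".*" />
          <conditions logicalGrouping="MatchAny">
            <!-- Extra path segments after a page name,
                 e.g. ShoppingCart.aspx//ErrorPage.aspx... -->
            <add input="{UNENCODED_URL}" pattern="\.aspx/" />
            <!-- A percent-encoded "?" (%3f) appearing before the real query string.
                 {UNENCODED_URL} is the raw request line, so the encoding is still
                 visible; patterns are case-insensitive by default. -->
            <add input="{UNENCODED_URL}" pattern="^[^?]*%3f" />
          </conditions>
          <!-- Serve the error page and drop the probe's query string. A request for
               /ErrorPage.aspx itself matches neither condition, so there is no loop. -->
          <action type="Rewrite" url="/ErrorPage.aspx" appendQueryString="false" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```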
A: 

The %3f part isn't being parsed by IIS 7 and so it can't find the page. If you look in your site logs you'll probably see some 404s.

You'll need to configure IIS 7 to point to your errorpage.aspx file as its default 404 page.

Chris Lively
I tried this but it didn't seem to work. Thanks for your answer though!
triniMahn