I have a root website with no application. Then under that root site are four virtual directories with applications. Each of these applications has good error handling. The root website has none.
I added a web.config with a simple customerrors="remoteonly" and a redirect to the default error page which is a simple .htm file on this root site. So, if someone hits the root site on purpose, they only see the html on the .htm page (ok...that was obvious.)
It works fine except that a McAfee scan says that I have "Improper Error Handling". Why?
Is there a better way?
By the way, I am using IIS 6.0.