We have developed website using Umbraco version 8, now before deploy on Production server our client ran the security Scan using Qualys Security Tool.
Now the report showing the Verbose Error Message vulnerability by hitting the below URL and also website is getting crashed when we put the same URL on browser.
I also set the disableAlternativeTemplates="true" property to true and assuming the browser should show the 404 custom page.
Thank you for your reply, I have already set the customErrors to "RemoteOnly" and from out site the server it is showing the 505 custom Page which is fine. But I am assuming that this should return the 404 Error page note found message instead of 505 internal server issue.
Verbose Error Message
Hi Team,
We have developed website using Umbraco version 8, now before deploy on Production server our client ran the security Scan using Qualys Security Tool.
Now the report showing the Verbose Error Message vulnerability by hitting the below URL and also website is getting crashed when we put the same URL on browser.
I also set the disableAlternativeTemplates="true" property to true and assuming the browser should show the 404 custom page.
My working page URL is http://localhost:97/en/myparkservice
Any help would be highly appreciated.
Thanks
You need to set the customErrors mode to either "On" or "RemoteOnly" in your web.config file
Hi Huw Reddick,
Thank you for your reply, I have already set the customErrors to "RemoteOnly" and from out site the server it is showing the 505 custom Page which is fine. But I am assuming that this should return the 404 Error page note found message instead of 505 internal server issue.
Can you please assist.
Thanks.
I would change your custom error to this
The error you are getting is coming from the IIS pipeline rather than Umbraco, to trap it nicely you need to add the following error handler
It is not reaching the system.web handler because that is errored before getting to that handler.
do not us a relative url like ~/ place the html error file in the root of your site.
However, you really should try to work out what is causing the error and fix it rather than just hide it.
oops sorry the errorMode should be DetailedLocalOnly or Custom not RemoteOnly
Hi Getting this problem as well have the following in my system.webserver
I tried with the above however when I ran the qualys scan the errors remained.
When I then tried with the above and tried to generate a 500 say
I got bad request it didnt genearte my custom 500 page. Any pointers would be fanastic if you got this sorted.
Do you have a customerrors defined as well?
Not at my PC currently, but will post my errors sections later
These are the error sections in my web.config
is working on a reply...