Hi everyone, we did a penetration test.
And we are reporting that some image links called with "incorrect" values in the parameters instead of showing the custom error page from Umbraco release the yellow exception page in view of the user.
It is to do with how IIS handles different requests, the request for an image is a 'static request' and so the failure is outside of Umbraco's request pipeline where you probably have your custom 500 and 404 code implemented, and is falling back to use the default IIS error pages.
You could add a 'location' tag for the 'media' path and configure specific errors there for /media requests...
Umbraco 8 - Image exception
Hi everyone, we did a penetration test. And we are reporting that some image links called with "incorrect" values in the parameters instead of showing the custom error page from Umbraco release the yellow exception page in view of the user.
es: https://{my-domain}/media/ygif4ate/{my-image}.jpg?crop=0,0.24858636360403674,0,0.24883793593108072&cropmode="%27>
Returns an invalid parameter exception. Here is the stack trace:
Can you tell me why Umbraco's custom error page does not intercept this exception?
Thank you very much in advance for your support!
Hi CampanaP
It is to do with how IIS handles different requests, the request for an image is a 'static request' and so the failure is outside of Umbraco's request pipeline where you probably have your custom 500 and 404 code implemented, and is falling back to use the default IIS error pages.
You could add a 'location' tag for the 'media' path and configure specific errors there for /media requests...
regards
marc
is working on a reply...