Error handling on the secured 2012 servers

Discussion in 'Windows / IIS' started by Dale, Aug 31, 2015.

  1. In reading the KBs and other similar posts it seems you are using the <customErrors> element in system.web instead of the MS approach of using <httpErrors> in <system.webserver> is that the current recommendation on the new servers?

    I'm trying to get past a PCI compliance scan by 401 labs and I'm down to 1 last item; webserver error handling and it's kicking my butt. The site was showing the default asp.net errors at first - OUCH and I got it to at least show the default "The page cannot be displayed because an internal server error has occurred."

    I was hoping that would satisfy the scanner even if it wasn't what I hoped for. I'd like it to simply show the default page (home) whenever anything goes wrong that the application itself doesn't handle. The scan result still failed siting a potential vulnerability when this url [/AUX/.aspx] returned the default page and recommended an ISAPI filter to handle that specific case. I'm thinking (hoping) it was just a misinterpretation of the response and if the error was handled properly it would have passed.

    To that end; to date I've tried using both of the above mentioned web.config modifications without getting any redirection; it either shows the asp.net errors or the generic page cannot be displayed. More specifically; customerrors seems to be ignored and httperrors shows the default "page cannot..."

    Without log file access I'm feeling blindered and the MS documentation says to use httperrors on IIS 8.5.

    Thoughts?
    How to approach troubleshooting?
    Dale
     
  2. FrankC

    FrankC DiscountASP.NET Staff

    Due to the sensitivity of PCI scan, please open a support ticket.
     
  3. OK
    I've had on and off communication with support about this subject for some time.
    Then I noticed one of the FAQs stating that web.config modifications should be handled through the forums.

    I'll try support again.
    Thanks
    Dale
     

Share This Page