I followed the directions for changing the web.config and added an error.html file to the root application directory for my SharePoint app. However, if I go to http://mywebapp/fakepage.html it does not display my error page, I still get the 404 Page Not Found
error.
When I attempt to browse to http://mywebapp/error.html, the error page displays correctly.
I've tried:
<customErrors mode="On" redirectMode="ResponseRewrite" defaultRedirect="~/error.html" />
and I also tried:
<customErrors mode="On" defaultRedirect="~/error.html" />
and both display the same behavior
Yes, I did make those changes before starting with my attempts at changing the redirect. I was under the incorrect assumption that I also needed to setup the redirect change that was for other non-SharePoint web sites.
After reading another thread in this site, I now realize that only the change on the page you posted pertaining to SharePoint is necessary and no additional redirect changes are required. Thank you.
SPJen
Member
15 Points
7 Posts
Changes for the vulnerability are not working
Sep 22, 2010 06:14 PM|LINK
I followed the directions for changing the web.config and added an error.html file to the root application directory for my SharePoint app. However, if I go to http://mywebapp/fakepage.html it does not display my error page, I still get the 404 Page Not Found error.
When I attempt to browse to http://mywebapp/error.html, the error page displays correctly.
How do I troubleshoot this to get it to work?
Thank you
benrick
Contributor
2439 Points
405 Posts
ASPInsiders
Re: Changes for the vulnerability are not working
Sep 22, 2010 06:16 PM|LINK
What does your customerrors section look like in your web config?
Did you make sure to also remove the specific errors?
Brendan's Blog
SPJen
Member
15 Points
7 Posts
Re: Changes for the vulnerability are not working
Sep 22, 2010 06:20 PM|LINK
benrick
Contributor
2439 Points
405 Posts
ASPInsiders
Re: Changes for the vulnerability are not working
Sep 22, 2010 06:25 PM|LINK
What do you get when you go to: http://mywebapp/fakepage.aspx?
Brendan's Blog
SPJen
Member
15 Points
7 Posts
Re: Changes for the vulnerability are not working
Sep 22, 2010 06:26 PM|LINK
I get: "404 NOT FOUND"
owjeff
Member
136 Points
37 Posts
Re: Changes for the vulnerability are not working
Sep 22, 2010 06:27 PM|LINK
Custom errors only apply to managed code. As Brendan mentioned, test an aspx page.
OrcsWeb: Managed Windows Hosting Solutions
"Remarkable Service. Remarkable Support."
benrick
Contributor
2439 Points
405 Posts
ASPInsiders
Re: Changes for the vulnerability are not working
Sep 22, 2010 06:29 PM|LINK
Did you notice I said "aspx" and not "html"? Sorry, just want to confirm. Simple html pages will not matter for the vulnerability anyway.
Brendan's Blog
SPJen
Member
15 Points
7 Posts
Re: Changes for the vulnerability are not working
Sep 22, 2010 06:37 PM|LINK
Yes, I tried with .aspx and substituted my web app alias for the "mywebapp" portion of the URL
mbanavige
All-Star
134962 Points
15421 Posts
ASPInsiders
Moderator
MVP
Re: Changes for the vulnerability are not working
Sep 22, 2010 08:00 PM|LINK
since you're using sharepoint, please make sure you've followed the sharepoint specific guidance:
http://blogs.msdn.com/b/sharepoint/archive/2010/09/21/security-advisory-2416728-vulnerability-in-asp-net-and-sharepoint.aspx
SPJen
Member
15 Points
7 Posts
Re: Changes for the vulnerability are not working
Sep 22, 2010 08:27 PM|LINK
Yes, I did make those changes before starting with my attempts at changing the redirect. I was under the incorrect assumption that I also needed to setup the redirect change that was for other non-SharePoint web sites.
After reading another thread in this site, I now realize that only the change on the page you posted pertaining to SharePoint is necessary and no additional redirect changes are required. Thank you.