Get Help:Ask a Question in our Forums|Report a Bug|More Help Resources
Sep 21, 2010 05:24 AM|LINK
Moved from the MVC forum to the dedicated one about the vulnerability one by moderator XIII to keep people and the ASP.NET team at Microsoft focussed on one reporting area:
I'm trying to implement the workaround for the oracle padding exploit
described on ScottGu's blog. Here's the workaround:
<customErrors mode="On" redirectMode="ResponseRewrite" defaultRedirect="/Home/ErrorPage" />
When I add that to my web.config, I'm not redirected to the error page when I try a bogus URL. I get the regular 404 error page. That's not what I expected. When I visit http://www.example.com/Home/ErrorPage, I can see it just fine.
I can't use the script on Scott's page to test my server since I deploy to Azure.