Prevent config files error to render in browser

Question

I have a custom config file in my application say my.config. Suddenly I ecnountered with some error regarding one of the settings inside the config file and the strange thing happens- my content of the config file get's rendered in the browser in the form of error. This is a big security issue for me. My question is how to prevent the content of my config files from rendering in the browser. Note I have already this setting in my web config:

<customErrors mode="Off" defaultRedirect="errors/default.aspx"/>

I am wondering why did not it redirect to error page? we had the settings turned on still it displayed the straight error.

score 0 · Answer 1 · answered Jan 15 '11 at 11:09

Are you running IIS7? I think you have to add a section to the new system.webServer section of your web.config file to change the behavior of the custom error page. Open IIS and check the settings for the error page setting. In web.config it should be something like this,

<configuration>
   <system.webServer>
      <httpErrors errorMode="DetailedLocalOnly">
       </httpErrors>
   </system.webServer>
</configuration>

/Viktor

score 0 · Answer 2 · answered Jan 15 '11 at 11:12

0

set the customErrors mode="On".

answered Jan 15 '11 at 11:12

Vijay Sirigiri

4,653
29
31

Prevent config files error to render in browser

2 Answers2