0

Stack Trace Screenshot for error 400

Hi all,

Kindly find the link for error details. The background is that my users are running a web-based COTS product. Recently, the application went through a vulnerability assessment, and one of the issues found was related to the exposure of information via Stack Trace. Over at our end we tried the following:

  1. Assign an error page for error 400 via IIS and restarted IIS
  2. Ensure the following is correct and inside web.config: <trace enabled="false" localOnly="true">
  3. Ensure the following is correct and inside web.config too: <customErrors mode="On" defaultRedirect="error.aspx" />

But the Stack Trace info still appear. I have no idea what else is causing the stack trace to still appear for that particular 400 error. The other errors were fine during the scan, with no stack trace information appearing. Anyone have any idea what else I can do? Is there a chance it's caused by the COTS application instead?

user14773085
  • 15
  • 1
  • 7
  • You can view more detailed error information, and view it in the httperr.log file, which is in the C:\Windows\System32\LogFiles\HTTPERR\httperr.log directory. Here are some solutions for 400:https://learn.microsoft.com/en-us/iis/troubleshoot/diagnosing-http-errors/troubleshooting-http-400-errors-in-iis – Theobald Du Apr 12 '21 at 09:35
  • Hi Theobald, thanks for the response. My end goal is to hide/remove the stack trace info from being shown, whenever it hits a 400 error, regardless of how it was encountered. Not sure why all other errors are catered for, but it cannot block out error 400 – user14773085 Apr 13 '21 at 02:50
  • Take a look at: https://stackoverflow.com/questions/4459724/how-to-remove-error-messages-iis7 – Theobald Du Apr 15 '21 at 07:45

0 Answers0