Do you replace the 404 error with a useful error page?
  v5.0 Posted at 11/08/2017 8:00 AM by Tiago Araujo

Error page, you say? You worked hard to make sure my site has no errors!! Well, surfers don't always type URLs accurately. No website is immune to such errors.

A well-designed custom error page encourages surfers to remain on your site and helps them find the right page. Although it's possible to redirect error codes straight to your homepage, that doesn't tell visitors what's going on. It's more user-friendly to explain that there was a problem and provide some alternatives. Supply a link to your home page or other links, or offer your site's search function if you have one.

<customErrors mode="Off"></customErrors>

Figure: This is the default code in web.config

<customErrors mode="RemoteOnly" defaultRedirect="/ssw/ErrorPage.aspx">
  <error statusCode="404" redirect="/ssw/SSWCustomError404.aspx" />
</customErrors>

Figure: this is the current code in the web.config of the SSW Site 

For an ASP.NET website, if the customErrors mode is "Off", detailed error information is presented to remote machines when an unhandled error occurs.

This error information is useful to developers when debugging. However, it can leak confidential information that hackers could use to get into your system. For example, if a SQL exception occurs, the error page may expose sensitive database information (e.g. connection string; SQL script). To prevent these leaks, set the "mode" attribute of the <customErrors> tag to "RemoteOnly" or "On" in the web.config file, and create a user-friendly custom error page to replace the detailed error information.

<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm"></customErrors>

Figure: Turning on "customErrors" protects sensitive information against hackers
Figure: Bad example - Unhandled error
Figure: Good example - Custom error page
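
One way to check a web.config against this rule before deployment, as an added example that is not SSW's own code. The function name `audit_custom_errors` and the two sample configs (built from the figures above, wrapped in a minimal `<configuration>` element) are assumptions made for illustration:

```python
import xml.etree.ElementTree as ET

SAFE_MODES = {"On", "RemoteOnly"}  # the two values this rule recommends

def audit_custom_errors(config_xml):
    """Return a list of findings for the <customErrors> settings in a web.config string."""
    root = ET.fromstring(config_xml)
    sections = list(root.iter("customErrors"))  # also finds sections under <location>
    if not sections:
        return ["no <customErrors> element: no custom error page is configured"]
    findings = []
    for ce in sections:
        mode = ce.get("mode")
        if mode is None:
            findings.append("mode attribute is not set explicitly")
        elif mode == "Off":
            findings.append('mode="Off": detailed errors are shown to remote machines')
        elif mode not in SAFE_MODES:
            findings.append(f'mode="{mode}" is not "On" or "RemoteOnly"')
        if not ce.get("defaultRedirect"):
            findings.append("no defaultRedirect: unhandled errors have no generic page")
        codes = {e.get("statusCode") for e in ce.findall("error")}
        if "404" not in codes:
            findings.append("no 404 mapping: missing pages get no dedicated error page")
    return findings

# Constructed sample: the default config from the first figure.
BAD_CONFIG = """<configuration><system.web>
  <customErrors mode="Off"></customErrors>
</system.web></configuration>"""

# Constructed sample: the SSW config from the second figure.
GOOD_CONFIG = """<configuration><system.web>
  <customErrors mode="RemoteOnly" defaultRedirect="/ssw/ErrorPage.aspx">
    <error statusCode="404" redirect="/ssw/SSWCustomError404.aspx" />
  </customErrors>
</system.web></configuration>"""

if __name__ == "__main__":
    for name, cfg in (("bad", BAD_CONFIG), ("good", GOOD_CONFIG)):
        print(name, audit_custom_errors(cfg) or "OK")
```

Run it in a build step against each environment's web.config and fail the build when the returned list is not empty.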
