[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 551
  • Last Modified:

Custom error handling for ASP and IIS 6.0

I got request from PCI compliance agent to create a custom error page for the following error. But it has no error code. I tried with error 500;100 to create a custom page, but still show the same error message. Which error code should I modify to show custom error message in IIS?

========================
xxxxxxx.com/about.asp?pagenumber=2;WAITFOR%20DELAY%20'00:00:21';--


This is the response on the page I got back:
Microsoft VBScript runtime error '800a000d'
Type mismatch: '[string: "2;WAITFOR DELAY '00:"]'
C:\INETPUB\WWWROOT\xxxxxxx\INCLUDES\../content/cnt_about.asp, line 6
0
crcsupport
Asked:
crcsupport
  • 3
  • 2
2 Solutions
 
Scott Fell, EE MVEDeveloperCommented:
What they are saying is to not show detail errors on the page.  You need to turn off sending errors to the browser and you should be good.

You just need to log into iis and turn off "send error to browser"
0
 
Scott Fell, EE MVEDeveloperCommented:
0
 
crcsupportAuthor Commented:
I found it at website/home directory/configuration.

thanks!!
0
 
Scott Fell, EE MVEDeveloperCommented:
Great.  They just don't want to see the detailed errors.   The reason is it helps hackers.

Another common thing you must turn off on iis6 is parent paths.  If you have include files that look like below (starting with two dots and the include is "file"), then you have parent paths on.
<!--#include file ="../connections/myconn.asp"-->

Open in new window


Once you turn parent paths off, you will need to change your code to "virtual" and use an absolute path.
<!--#include virtual ="/connections/myconn.asp"-->

Open in new window

If they don't catch it now, they will on another scan.  Might as well bite the bullet and fix this too.
0
 
crcsupportAuthor Commented:
ok, thanks!
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now