Custom error handling for ASP and IIS 6.0

Posted on 2014-08-19
Last Modified: 2014-08-19
I got request from PCI compliance agent to create a custom error page for the following error. But it has no error code. I tried with error 500;100 to create a custom page, but still show the same error message. Which error code should I modify to show custom error message in IIS?


This is the response on the page I got back:
Microsoft VBScript runtime error '800a000d'
Type mismatch: '[string: "2;WAITFOR DELAY '00:"]'
C:\INETPUB\WWWROOT\xxxxxxx\INCLUDES\../content/cnt_about.asp, line 6
Question by:crcsupport
    LVL 52

    Assisted Solution

    by:Scott Fell, EE MVE
    What they are saying is to not show detail errors on the page.  You need to turn off sending errors to the browser and you should be good.

    You just need to log into iis and turn off "send error to browser"
    LVL 52

    Accepted Solution

    LVL 1

    Author Comment

    I found it at website/home directory/configuration.

    LVL 52

    Expert Comment

    by:Scott Fell, EE MVE
    Great.  They just don't want to see the detailed errors.   The reason is it helps hackers.

    Another common thing you must turn off on iis6 is parent paths.  If you have include files that look like below (starting with two dots and the include is "file"), then you have parent paths on.
    <!--#include file ="../connections/myconn.asp"-->

    Open in new window

    Once you turn parent paths off, you will need to change your code to "virtual" and use an absolute path.
    <!--#include virtual ="/connections/myconn.asp"-->

    Open in new window

    If they don't catch it now, they will on another scan.  Might as well bite the bullet and fix this too.
    LVL 1

    Author Comment

    ok, thanks!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Today I had a very interesting conundrum that had to get solved quickly. Needless to say, it wasn't resolved quickly because when we needed it we were very rushed, but as soon as the conference call was over and I took a step back I saw the correct …
    Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…

    794 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now