0 Favourites

You should turn off custom errors

  • This morning when the site was down (due to a transaction log being full) it was exposing details about your site in the custom errors. These should generally (always in my opinion) be turned off for publicly facing sites.

    Here's how to do this. Your web.config system.web node should contain the following:

    <system.web>

    <customErrors mode="RemoteOnly">

    </system.web>

    It removed the URL I included with some additional things to consider, I think this should work:

    text: weblogs.asp.net/dotnetstories/five-common-mistakes-in-the-web-config-file

    This page lists some other issues related to the web.config file:I've attached the two different errors I received, which expose:

    1. You use IIS

    2. The version of the .Net framework (bottom of Error2)

    3. You use SQL Server

    4. Some details about your SQL Server configuration

    I'm not sure if phpBB would reflect this change in terms of what it exposes, that would require further testing.

    Just letting you know.

    Thanks,

    Jason

  • Construct 3

    Buy Construct 3

    Develop games in your browser. Powerful, performant & highly capable.

    Buy Now Construct 3 users don't see these ads
  • also, funnily enough, the e mail adress of the webmaster according to the error is a noreply adress, which is something that might need a change..

Jump to:
Active Users
There are 1 visitors browsing this topic (0 users and 1 guests)