我正在尝试捕获 ASP.NET MVC 5 中的自定义错误
这是我的
web.config
:
<customErrors mode="On" defaultRedirect="/ErrorPage/DefaultErrorPage">
<error statusCode="400" redirect="/ErrorPage/DefaultErrorPage"/>
<error statusCode="401" redirect="/ErrorPage/Http401UnAuthorize"/>
<error statusCode="403" redirect="/ErrorPage/Http403Forbidden"/>
<error statusCode="404" redirect="/ErrorPage/Http404NotFound"/>
</customErrors>
.........
<httpErrors errorMode="Custom">
<remove statusCode="400" />
<remove statusCode="401" />
<remove statusCode="403" />
<error statusCode="400" redirect="/ErrorPage/DefaultErrorPage" responseMode="ExecuteURL"/>
<error statusCode="401" path="/ErrorPage/Http401UnAuthorize" responseMode="ExecuteURL" />
<error statusCode="403" path="/ErrorPage/Http403Forbidden" responseMode="ExecuteURL" />
</httpErrors>
通过这些设置,大多数错误都会被捕获并重定向到我的错误控制器,但这些网址仍然显示此消息:
示例网址:
https://xxxxx.com/customError.aspx?aspxerrorpath=/open-search.gz
https://xxxxx.com/customError.aspx?aspxerrorpath=/open-search.gz
https://xxxxx.com/%22ns%3D%22EDRIS%280x000046%29
https://xxxxx.com/\../\../\../\../\../\../\../\../\../\../\../etc/passwd
请尝试在 web.config 中添加以下内容:
<httpErrors errorMode="Custom" existingResponse="Replace">
<remove statusCode="500" subStatusCode="-1" />
<error statusCode="500" subStatusCode="-1" responseMode="ExecuteURL" path="/500.aspx" />
</httpErrors>