Customizing “A potentially dangerous Request.Path value was detected” error page

Anonymous (unverified), submitted on 2019-12-03 08:44:33

Question:

When I call a page with a non-authorized character (such as *), I get a yellow page "A potentially dangerous Request.Path value was detected". It looks like it is a 400 error page. My goal is to customize this page and show a clean error page or redirect to the home page (I tried both solutions). Here is what I wrote in my web.config:

    <system.webServer>
      <httpErrors errorMode="Custom">
        <remove statusCode="400" subStatusCode="-1" />
        <remove statusCode="404" subStatusCode="-1" />
        <error statusCode="400" path="/page-non-trouvee.aspx?status=400" responseMode="ExecuteURL" />
        <error statusCode="404" path="/" responseMode="ExecuteURL" />
      </httpErrors>
    </system.webServer>

I'm using IIS7. The point is my 400 page is still shown as a yellow error page.

There must be a workaround because although the Stack Exchange Data Explorer has this problem with http://data.stackexchange.com/users&nbsp Stack Overflow itself does not: https://stackoverflow.com/users&nbsp

Any ideas?

Answer 1:

As gbianchi mentioned, you could do a customErrors redirect like this:

<customErrors mode="On" redirectMode="ResponseRedirect" defaultRedirect="/404" /> 

However, this would result in an annoying querystring with the original path and segment.

If it's an ASP.NET application, you could overload the Application_Error event in your Global.asax.cs file. Here's a hack-ish way of doing it in MVC:

    // Global.asax.cs; needs: using System.Web; using System.Web.Mvc; using System.Web.Routing;
    protected void Application_Error() {
        var exception = Server.GetLastError();
        var httpException = exception as HttpException;
        if (httpException == null) {
            return;
        }

        var statusCode = httpException.GetHttpCode();
        // HACK to get around the Request.Path errors from invalid characters
        if ((statusCode == 404) || ((statusCode == 400) && httpException.Message.Contains("Request.Path"))) {
            Response.Clear();
            Server.ClearError();
            var routeData = new RouteData();
            routeData.Values["controller"] = "Error";
            routeData.Values["exception"] = exception;
            Response.StatusCode = statusCode;
            routeData.Values["action"] = "NotFound";

            // Avoid IIS7 getting in the middle
            Response.TrySkipIisCustomErrors = true;
            // ErrorController is the application's own MVC controller with a NotFound action
            IController errorsController = new ErrorController();
            HttpContextWrapper wrapper = new HttpContextWrapper(Context);
            var rc = new RequestContext(wrapper, routeData);
            errorsController.Execute(rc);
        }
    }
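
A configuration-only variant of the asker's web.config, added here as an example and not taken from the question or the answer. It assumes the yellow page is the response ASP.NET generates for the failed Request.Path check and that IIS passes it through unchanged under the default existingResponse="Auto"; the paths are the asker's own.

```xml
<!-- Added example. Standard IIS7 / ASP.NET 4 schema; paths are from the question. -->
<configuration>
  <system.web>
    <!-- Keep the Request.Path check enabled. The default
         requestPathInvalidCharacters list is  <,>,*,%,&,:,\,?
         and the goal here is only to change what the client sees,
         not to widen what the application accepts. -->
    <httpRuntime requestValidationMode="4.0" />
  </system.web>

  <system.webServer>
    <!-- Before (from the question): <httpErrors errorMode="Custom">
         With the default existingResponse="Auto", a response that ASP.NET
         has already written can reach the client untouched.
         After: existingResponse="Replace" makes IIS substitute its own
         configured error page even when the application produced a body. -->
    <httpErrors errorMode="Custom" existingResponse="Replace">
      <remove statusCode="400" subStatusCode="-1" />
      <remove statusCode="404" subStatusCode="-1" />
      <!-- The target page should set Response.StatusCode = 400 itself so that
           clients and log analysis still see the rejection as an error. -->
      <error statusCode="400" path="/page-non-trouvee.aspx?status=400" responseMode="ExecuteURL" />
      <error statusCode="404" path="/" responseMode="ExecuteURL" />
    </httpErrors>
  </system.webServer>
</configuration>
```

existingResponse="Replace" applies to every error response the application emits, including error bodies it wrote on purpose, so check any endpoints that return their own 400 or 404 payloads before enabling it.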

