AspxErrorPath in Custom Error Page

Question

We currently has a page that is used to display a generic error message when errors occur on our website. It has no functionality at all other than displaying a label that m

Answer 1

As a quick-fix, I've found that appending "?" onto the end of the defaultRedirect setting worked for me in removing the aspxerrorpath.

Also, I was getting the same issue with the customErrors settings in system.web, and the same solution worked:

<customErrors mode="On" defaultRedirect="~/SystemError.aspx">
   <error statusCode="403" redirect="~/Home.aspx?"/>
   <error statusCode="404" redirect="~/Home.aspx?"/>
</customErrors>

Alternatively, do the same on system.webServer settings:

<httpErrors errorMode="Custom">
   <remove statusCode="403" subStatusCode="-1" />
   <error statusCode="403" path="/Home.aspx?" responseMode="Redirect" />
   <remove statusCode="404" subStatusCode="-1" />
   <error statusCode="404" path="/Home.aspx?" responseMode="Redirect" /> 
</httpErrors>

Answer 2

You are going to have to take control of the error handling process yourself. One method is get rid of the custom error redirect and use the Application_Error method in global. You can then direct the person, as needed without any query string argument.

Another option is ELMAH, which is designed to avoid the yellow screen of death errors in ASP.NET. You can then tailor a friendly error and not worry about writing error handling code, per se.

A third method is to educate the security team on how ASP.NET works and see if the "security concern" is legitimate (it may be) or not. This does not mean they won't make you do one of the above options anyway, of course.

Answer 3

you could catch/handle all errors in your global.asax file instead and do the redirect there

    protected void Application_Error(object sender, EventArgs e)
    {
        //Exception ex = Server.GetLastError();

        Server.Transfer("~/DefaultErrorPage.aspx");
    }