CRV2 FrameworkSpecIssuesASPNetConfigs

From OWASP
Revision as of 13:00, 2 July 2013 by Johanna Curiel (Talk | contribs)


Configure exceptions for Error Code handling

Showing and handling the correct error code when a user sends a bad request or invalid parameters is an important configuration subject. Logging these errors is also an excellent help when analyzing potential attacks on the application.


It is possible to configure these errors in the code or in the Web.config file.

The HttpException class describes an exception that occurred during the processing of HTTP requests. For example:

if (string.IsNullOrEmpty(Request["id"]))
    throw new HttpException(400, "Bad request");


or in the Web.config file:


<configuration>
 <system.web>
   <customErrors mode="On" defaultRedirect="ErrorPage.html" 
                redirectMode="ResponseRewrite">
     <error statusCode="400" redirect="BadRequest.html" />
     <error statusCode="404" redirect="FileNotFound.html" />
   </customErrors>
 </system.web>
</configuration>
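
The logging mentioned at the start of this section can be done in one place with an Application_Error handler in Global.asax, which sees the HttpException before customErrors selects the error page. This is an added example, not part of the original OWASP page; the log line format, the Clean helper and the use of System.Diagnostics.Trace as the log sink (with a trace listener configured) are assumptions.

```csharp
// Global.asax.cs: added example, not from the original page.
using System;
using System.Diagnostics;
using System.Web;

public class Global : HttpApplication
{
    // Runs for every unhandled exception, including the HttpException(400)
    // thrown in the snippet above, before customErrors picks the error page.
    protected void Application_Error(object sender, EventArgs e)
    {
        Exception ex = Server.GetLastError();
        if (ex == null) return;

        // ASP.NET may wrap the real error in HttpUnhandledException; log the cause.
        Exception cause = (ex is HttpUnhandledException && ex.InnerException != null)
            ? ex.InnerException
            : ex;

        // HttpException carries the HTTP status code; anything else is a 500.
        HttpException httpEx = cause as HttpException;
        int status = httpEx != null ? httpEx.GetHttpCode() : 500;

        // Assumed log format: one key=value line per failed request.
        string line = string.Format(
            "status={0} ip={1} method={2} url={3} type={4} message={5}",
            status,
            Request.UserHostAddress,
            Request.HttpMethod,
            Clean(Request.RawUrl),
            cause.GetType().Name,
            Clean(cause.Message));

        // 4xx responses are client errors worth correlating per source address;
        // everything else is a server fault and is logged with its stack trace.
        if (status >= 400 && status < 500)
            Trace.TraceWarning(line);
        else
            Trace.TraceError(line + " detail=" + Clean(cause.ToString()));

        // Server.ClearError() is deliberately not called, so the customErrors
        // section in Web.config still renders BadRequest.html and the others.
    }

    // Hypothetical helper: strips CR/LF so request data cannot forge log entries.
    private static string Clean(string value)
    {
        return (value ?? string.Empty).Replace("\r", " ").Replace("\n", " ");
    }
}
```

The exception details go only to the server-side log; the client still receives the static page configured in customErrors.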