0

Occasionally I get the following stack trace from some of our production websites:

A public action method 'Index' was not found on controller 'HomeController'.

Now this route obviously exists and the site works fine in numerous test environments.

The IP addresses that originates these requests are not in our target markets and are what I would consider as people trying to 'hack' the site. I assume they are doing something weird with the headers to cause this problem.

Is this something I should be concerned about or should I suppress? By concerned I mean is there something I could do to handle this error more gracefully to avoid showing the error message.

I am unable to replicate the situation in a browser or using fiddler.

Website is running ASP.NET MVC 5, IIS 7.5, Windows Server 2008.

Ashley Medway
  • 7,151
  • 7
  • 49
  • 71
  • >"is there something I could do to handle this error more gracefully to avoid showing the error message." Are you sure end user is also seeing this error message? Maybe they are shown something configured via web.config's `` element? – joym8 Sep 12 '14 at 13:43
  • @greatbear302 sorry I should have been clearer, Yes we do have custom error messages in place and I'm sure the user will see our error page, but I would rather the request was correctly handled. I.E. the user is routed to /Home/Index without error. – Ashley Medway Sep 12 '14 at 13:54

1 Answers1

1

There is a very similar question answered on SO here: https://stackoverflow.com/a/2008013/1541224

Basically it asks you to disable the verbs you don't need in your app like:

<authorization>
  <deny users="*" verbs="OPTIONS, PROPFIND, HEAD"/>
</authorization>

I would imagine .NET responding with Method not allowed error in these cases but in any case, if this solves your issue go with it!

Community
  • 1
  • 1
joym8
  • 4,014
  • 3
  • 50
  • 93