28

I'm working on some error handling in my MVC app, and I'd like to change asperrorpath to something that doesn't give away the fact that I'm using .NET... something like path

Can anyone give me some direction on how to change that out?

DaveRandom
  • 87,921
  • 11
  • 154
  • 174
Chase Florell
  • 46,378
  • 57
  • 186
  • 376
  • Hello rockinthesixstring. Have you found the answer to this yet? I'd like to do this too! Anyone? Anyone? +1 – Funka Jun 26 '10 at 02:12
  • Sorry, you're fooling yourself i you think it's not trivial to know if a site is running asp.net. asp.net and mvc both have very strong telltale signs thatdoesn't take much effort to figure out, and this is built in to the way that requests are handled so there is no configuration or other change you can make that will hide it – Erik Funkenbusch Mar 18 '12 at 19:48
  • @MystereMan, not trying to hide it, just don't want it totally obvious either. – Chase Florell Aug 20 '12 at 19:37
  • I use javascript like "if (location.search != "") { window.location.href = "/404.html"; } " – Diogo Cid Dec 11 '14 at 18:08

5 Answers5

10

Add redirectMode="ResponseRewrite" to the customErrors section. That worked for me.

Leniel Maccaferri
  • 100,159
  • 46
  • 371
  • 480
David Thompson
  • 301
  • 1
  • 3
  • 8
  • 13
    Warning: You can only use ResponseRewrite if you're redirecting to a file on the server and not using MVC routes to your error page: http://stackoverflow.com/a/3770265/188740 – Johnny Oshika Feb 25 '14 at 15:47
2

my wprk around is using 

route.MapRoute("NotFound", "{*url}", new {controller = "Home", action = "NotFound"})

At the bottom most, which I have NotFound action in HomeController. It will simply catch all other urls.

CallMeLaNN
  • 8,328
  • 7
  • 59
  • 74
  • 1
    nope. I don't care about the URL (I already have that taken care of)... but the querystring for the returnUrl is currently `?asperrorpath=http...` whereby everyone knows I'm using .net (not saying it's a bad thing). I'd just like to change the item to `?go=http...`. Which I've already done. I'll post my solution later in the day. – Chase Florell Mar 10 '11 at 16:56
  • Yeah I found so many trick, this is what I think the best. If using this way, you need to turn `On` (or `RemoteOnly`) `customError` but don't define any 404 redirection etc in the web.config, the `"{*url}"` will catch it. I am using MVC 3. Not sure about previous version. I will never get the `?asperrorpath=` – CallMeLaNN Mar 11 '11 at 16:27
-1

The are many ways you can solve your problem. It depends what you want.

  1. You can edit section in your web.config And write default link for redirecting on error and also specify different links for different error like <error statusCode="403" redirect="NoAccess.htm" />
  2. You can use HandleError attribute for your Controller/Actions. You can read about it here.
Community
  • 1
  • 1
arena-ru
  • 990
  • 2
  • 12
  • 25
-1

By supplying custom query string, your aspxerrorpath won't show up.

Check the original answer from this link: how to prevent “aspxerrorpath”

Community
  • 1
  • 1
Matin Habibi
  • 700
  • 1
  • 8
  • 20
  • I *guess* so, but say you want to redirect to your website's home page on a 404 - if you specify `redirect="~/?"` in the web.config, your URL will look like `http://localhost:51437/?` - which is sort of ugly and may not meet your project's requirements. – alex Apr 20 '17 at 18:30
-1

Just add dummy query string to your .htm pages as below.

<customErrors mode="On" defaultRedirect="errorpage.htm?error=1" >
      <error statusCode="404" redirect="filenotfound.htm?error=1" />
</customErrors>

Check with fiddler, the asperrorpath query string does not appear anymore and referrer of errorpage.htm is completely clean.

Houssam Hamdan
  • 888
  • 6
  • 15
  • What if you're redirecting to an MVC `.cshtml` page instead of a normal HTML page? The MVC framework uses `.cshtml` files by default. Also, what if you have attribute-based routing set up? – alex Apr 20 '17 at 18:31
  • This solution is good for errors that you cannot or are not handling through code. This is when asperrorpath query string appears. The main purpose is to not let sniffers discover the back-end technology you are using. You can always redirect your user to a controller action that returns an error view where asperrorpath is not appearing and you completely safe. – Houssam Hamdan Apr 23 '17 at 12:01