0

I'm getting a request like http://example.com/%2f..%2fwindows%2fsomething.ini and IIS is displaying "Forbidden URL - HTTP Error 403. The request URL is forbidden."

I think this request is getting blocked at the IIS level. How can I get IIS to let this error fall through to my application so I can show the error page the rest of my application uses? 404 errors fall through nicely as expected using the customErrors attribute in the web.config:

    <customErrors mode="RemoteOnly" defaultRedirect="~/content/error.html">
    </customErrors>

If I enter a simpler invalid URL like http://example.com/asdfasdfas/asdfasdf then my customErrors handler kicks in as desired.

theycallmemorty
  • 12,515
  • 14
  • 51
  • 71
  • You might get some hints from https://weblog.west-wind.com/posts/2017/jun/01/bypassing-iis-error-messages-in-aspnet The custom errors system from both IIS and ASP.NET can conflict with each other in certain cases, so you need to decide which one to prefer. – Lex Li Jun 19 '20 at 00:57

1 Answers1

0

403 is iis error. look like your asp.net error is not firing. you could try to add below code in the web.config file:

<httpErrors existingResponse="Replace" defaultResponseMode="ExecuteURL" errorMode="Custom"> 
<remove statusCode="403"/>
<error statusCode="403" path="/errorpage.aspx" responseMode="ExecuteURL"/>

you could also use iis manager to modify the changes:

1)open iis manager, select your site.

2)double click error pages.

enter image description here

3)set error page as suggested below or as per your requirement.

enter image description here

Why is IIS 7 showing me a default 403 page?

ASP MVC 5 - 403 customError not working

Jalpa Panchal
  • 8,251
  • 1
  • 11
  • 26