How to hide the physical path to the web root when requesting a non-existent page (404.0)?

Question

When requesting a non-existent page (404.0) for debugging error log shows output error identification (which is useful for debugging applications), but it also shows the physical path to the web root.

This feature should be disabled on production servers. This data can provide an attacker with additional information about the infrastructure.

Answer

It can be modified in the IIS settings:

  1. Open the Internet Services Manager.

  2. Select the Default Web Site. 

  3. Click the Error Pages icon.


  4. Choose the error 404, and then select the Edit button.

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.