Question

How to display forbidden error when a form does not exist or is misspelled

asked on December 8, 2016

We are about to publicly publish our first form server over HTTPS. What we need to know is how, when there's a misspelling in the URL (for example: "https://mysite.org/foorms/request"), to show not the classic IIS error but the "403 - FORBIDDEN" error.

Where or how do I set this up?

0 0

Answer

SELECTED ANSWER
replied on December 8, 2016

With default configuration, you should be seeing this:

It doesn't reveal any configuration information.  Don't be confused by IIS returning more information if the request comes from the local machine - remote users are given less information.  You should be able to change that also, it should be related to customErrors="RemoteOnly" in the root web.config.

0 0
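The setting mentioned in the answer above, shown as an added example (not part of the original posts and not Laserfiche's own configuration). It assumes a site-level web.config and pairs the ASP.NET `customErrors` element with the IIS `httpErrors` element, since a URL that maps to no application is answered by IIS itself:

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example: fragment of a site-level web.config (placement is an assumption). -->
<configuration>
  <system.web>
    <!-- ASP.NET errors: remote clients get a generic error page,
         requests made on the server itself get full details.
         mode="Off" would send stack traces to every client. -->
    <customErrors mode="RemoteOnly" />
  </system.web>
  <system.webServer>
    <!-- IIS errors, such as the 404 for a misspelled path:
         DetailedLocalOnly is the IIS default and keeps detailed
         error information away from remote clients.
         errorMode="Detailed" would show that detail to everyone. -->
    <httpErrors errorMode="DetailedLocalOnly" />
  </system.webServer>
</configuration>
```

To see what an outside visitor sees, request the misspelled URL from a different machine rather than from a browser on the server.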

Replies

replied on December 8, 2016

Since the requested URL does not map to a Laserfiche product, it's not going to be something that can be configured in our software.  If it's possible, it will be done in IIS's settings.  It's tricky to search for, since most questions like this are about how to return 404 errors instead of 403 (with the thinking that revealing the existence of a resource to which you don't have access is a form of information disclosure).  You could do it with a reverse proxy, but that seems like overkill if you don't already have one set up for other purposes.

What's the reason for wanting to return the other error code?  Normally users would be clicking on links and not typing in the URL anyway, do you have a scenario where they would be typing in the URL a lot?

0 0
replied on December 8, 2016

The 403 is a request for our customer, but I understand that it's easier to return a 404. The main reason is for security purposes, as IIS returning its config data could lead to an exploit by unauthorized users.

0 0