Cyber Security & Dot Net Security

Thursday, November 25, 2010

ASP.NET 404 ERROR PAGE - How to Configure Error 404 Page in ASPX (.NET) for IIS Server?

Error 404 Page
My previous post explained about How to create Error 404 page in asp. This method will work out for all extensions except ASPX files. In ASPX (.NET) these files pass through special parser which instead outputs a .NET error. If we want the .NET application redirect to custom Error 404 page, We have to edit our web.config file in the root of the website.


Open your Web.config file, present in the root of the site. If you do not have a web.config file create one. Copy and paste the following in the file.






<configuration>
<system.web>
<customErrors mode="On">
<error statusCode="404" redirect="/errors/error404page.aspx" />
</customErrors>
</system.web>
</configuration>



With the use of the above code we are instructing the .NET application to turn on custom errors and for 404 response code we redirect to a specific virtual page.



In the ASPX page, error404page.aspx, copy the following code to display to the user when a HTTP 404 error occurs:


<%@ Page Language="VB" runat="server" explicit="true" strict="true" %>
<%@ Register TagPrefix="UserControl" TagName="Header" Src="head.ascx" %>
<%@ Register TagPrefix="UserControl" TagName="Footer" Src="tail.ascx" %>
<%@ Import Namespace="System.Web.Mail" %>
<script language="vb" runat="server">
Sub Page_Load()
'-- Get Query from the URL
Dim strQuery As String = Request.ServerVariables("QUERY_STRING")
'-- avoid running our code if someone browses
' the 404.aspx file directly
If strQuery <> "" Then
'-- Page with the broken link
Dim strReferer As String = Request.ServerVariables("HTTP_REFERER")
'-- remove the default appended string to the url
strQuery = strQuery.Replace("404;http://", "")
'-- Find the position of the root "/" in the string
Dim intSlashPosition As Integer = strQuery.IndexOf("/")
'-- Remove all text before the "/"
strQuery = strQuery.Remove(0, intSlashPosition)
'-- set the label control's text
lblQueryString.Text = strQuery
'-- Send Email to the Webmaster
Dim objMail As New MailMessage()
Dim strEmailBody As String
strEmailBody = "Seo-Insights - 404 Page Not Found : " & DateTime.Now & "<br>" & "------------------------------------------------------" & "<br>" & "<br>"
If strReferer = "" Then strEmailBody = strEmailBody & "Someone typed in this broken link directly:" & "<br>" Else strEmailBody = strEmailBody & "The page <a href=""" & strReferer & """>" & strReferer & "</a> contains a broken link:" & "<br>"
End If
strEmailBody = strEmailBody & "<br>" & strQuery
'-- change the FROM and TO emails for your site
objMail.From = "webuser@example.com"
objMail.To = "administrator@example.com"
objMail.Subject = "Seo-Insights - 404 Page Not Found"
objMail.Priority = MailPriority.High
objMail.BodyFormat = MailFormat.Html
objMail.Body = strEmailBody
SmtpMail.SmtpServer = ""
SmtpMail.Send(objMail)
'-- strQuery = ""
Else
'-- switch panel displays to display the error
' when a user simply navigates to this file
pnlValid404.Visible = False
pnlNotValid404.Visible = True
End If
End Sub
</script>
<html>
<head>
<meta name="robots" content="noindex,nofollow">
<title>Seo-Insights - 404 Page Not
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF">
<UserControl:Header runat="server" />
<h2>Page Not Found (404 Error)</h2>
<asp:panel id="pnlValid404" runat="server">
<p><asp:label id="lblQueryString" runat="server" ForeColor="#FF0000" /> could not be located.<p>
<p>An email has been sent to the webmaster about this problem, and action will be taken to fix it.</p>
</asp:panel>
<asp:panel id="pnlNotValid404" runat="server" Visible="False">
<p>This page works only as a redirect when an ASPX page is not found.</p>
</asp:panel>
<UserControl:Footer id="myFooter" runat="server" />
</body>
</html>



Note that 2 UserControls are registered to include the header and footer, to have the same look and feel of the site. Import the System.Web.Mail namespace so we can send an email to our webmaster.



When the page loads, we can track the broken link from the URL which had triggered the error404page. When a redirect to the 404 page happens, the server appends the broken link to the error404page.



For example if the broken link was /missedpage.aspx, we can track that through Request.ServerVariables("QUERY_STRING"). If the query is empty, probably it means the user found the missedpage on our site and browsed to it. In this case we do not want to run our code. All the code is nested inside the condition that the strQuery is not empty.



To inform the webmaster about the broken links in the site, an email will be send to the webmaster. The label control with ID lblQueryString outputs the strQuery from our code. And finally, the two panels switch content depending on what we want to show to the user. The pnlNotValid404 is set to not visible be default since this is our error display, and we only set it to visible if one occurs.

No comments: