Issue With ASP.NET Custom Errors

  • Updated


Out of the box, ASP.NET provides a default error page. It is possible to override this error page by setting <customError> or <httpErrors> in the web.config. However, when Contrast Protect is in use, these custom errors do not display.



The .NET agent blocks attacks by throwing an exception at a low enough level to stop all request processing (including Application_Error), which is necessary to ensure attacks are actually blocked. Custom exception handlers generally do not have access to this scope.



 In most cases, custom errors will not work when an attack event is stopped by Protect. It may work in some cases if using mode="On" instead of  mode="RemoteOnly".  


Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request