Custom error pages

Custom error pages have a crucial role for your website security and user browsing experience. In case your Sitefinity CMS website encounters a problem, your database server goes down, or your custom code throws an error, the user browsing the site will be presented with an error screen. This error screen is also known as YSOD, or the “yellow screen of death”. The error screen can contain sensitive information and make it visible to the public, for example your connection string, important variable names, and so on. You must configure error pages to make sure such information is not visible on the live site. Additionally, error pages provide a much better way of informing users that there has been a problem with a resource they are trying to access and handling such situations gracefully.

You configure custom error pages in Sitefinity CMS using standard mechanisms that apply to any ASP.NET WebApplication – the <httpErrors> and <customErrors> configuration elements.

Configure the <httpErrors> element

The <httpErrors> is an element inside your web.config file. It represents the error pages configuration in IIS, and has been introduced with IIS 7. HttpErrors handles errors that occur when accessing Sitefinity CMS pages, for example URLs like /mysite/foo.

To configure <httpErrors> for your Sitefinity CMS website follow this procedure:

  1. Open the web.config file that is in your project’s folder.
  2. Find the <system.webServer> config section
  3. Configure the <httpErrors> section. The sample below demonstrates handling some of the most common error codes:

IMPORTANT: If you have followed the instructions to Change the application status page response code, and you are using custom error pages where you handle this code, you need to instruct IIS to let the Application status response pass through, instead of serving your custom error page. Do this by adding a <location> tag for in your web.config for the sitefinity/status path as follows:
<location path="sitefinity/status">
    <system.webServer>
    <httpErrors errorMode="Custom" existingResponse="PassThrough">
    </httpErrors>
    </system.webServer>
  </location>

Configure the <customErrors> element

The <customErrors> element controls the behavior for errors thrown by ASP.NET during the execution of a request. For example, errors thrown when serving static resources (e.g. *.aspx pages, images, etc.)

To configure <customErrors> for your Sitefinity CMS website follow this procedure:

  1. Find the <system.web> config section in your web.config file
  2. Add the following <customErrors> section to handle the most common error codes:
  3. This <customErrors> section above handles errors when accessing ASP.NET files (for example .aspx files). The paths to the error pages are virtual relative paths.

    Save and close the web.config file.

Additional resources

External links

Increase your Sitefinity skills by signing up for our free trainings. Get Sitefinity-certified at Progress Education Community to boost your credentials.

Get started with Integration Hub | Sitefinity Cloud | Sitefinity SaaS

This free lesson teaches administrators, marketers, and other business professionals how to use the Integration hub service to create automated workflows between Sitefinity and other business systems.

Web Security for Sitefinity Administrators

This free lesson teaches administrators the basics about protecting yor Sitefinity instance and its sites from external threats. Configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.

Foundations of Sitefinity ASP.NET Core Development

The free on-demand video course teaches developers how to use Sitefinity .NET Core and leverage its decoupled architecture and new way of coding against the platform.

Was this article helpful?

Next article

Application restart