Custom error pages
Custom error pages have a crucial role for your website security and user browsing experience. In case your Sitefinity CMS website encounters a problem, your database server goes down, or your custom code throws an error, the user browsing the site will be presented with an error screen. This error screen is also known as YSOD, or the “yellow screen of death”. The error screen can contain sensitive information and make it visible to the public, for example your connection string, important variable names, and so on. You must configure error pages to make sure such information is not visible on the live site. Additionally, error pages provide a much better way of informing users that there has been a problem with a resource they are trying to access and handling such situations gracefully.
You configure custom error pages in Sitefinity CMS using standard mechanisms that apply to any ASP.NET WebApplication – the <httpErrors>
and <customErrors>
configuration elements.
Configure the <httpErrors> element
The <httpErrors> is an element inside your web.config file. It represents the error pages configuration in IIS, and has been introduced with IIS 7. HttpErrors handles errors that occur when accessing Sitefinity CMS pages, for example URLs like /mysite/foo.
To configure <httpErrors>
for your Sitefinity CMS website follow this procedure:
- Open the web.config file that is in your project’s folder.
- Find the
<system.webServer>
config section
- Configure the
<httpErrors>
section. The sample below demonstrates handling some of the most common error codes:
IMPORTANT: If you have followed the instructions to Change the application status page response code, and you are using custom error pages where you handle this code, you need to instruct IIS to let the Application status response pass through, instead of serving your custom error page. Do this by adding a <location> tag for in your web.config for the sitefinity/status path as follows:
<location path="sitefinity/status">
<system.webServer>
<httpErrors errorMode="Custom" existingResponse="PassThrough">
</httpErrors>
</system.webServer>
</location>
Configure the <customErrors> element
The <customErrors>
element controls the behavior for errors thrown by ASP.NET during the execution of a request. For example, errors thrown when serving static resources (e.g. *.aspx pages, images, etc.)
To configure <customErrors>
for your Sitefinity CMS website follow this procedure:
- Find the
<system.web>
config section in your web.config file
- Add the following
<customErrors>
section to handle the most common error codes:
This <customErrors> section above handles errors when accessing ASP.NET files (for example .aspx files). The paths to the error pages are virtual relative paths.
Save and close the web.config file.