Rules

Secret ingredients to quality software

Edit
Info

Do you replace the 404 error with a useful error page?

Created on 11 Aug 2016 | Last updated by Brady Stroud [SSW] on 17 Mar 2021 05:01 AM (about 1 month ago)

Error page, you say? You worked hard to make sure my site has no errors!! Well, surfers don't always type URLs accurately. No website is immune to such errors.

A well-designed custom error page encourages surfers to remain in your site and help them to the right page. Although it's possible to redirect error codes straight to your homepage, that doesn't tell visitors what's going on. It's more user-friendly to explain that there was a problem and provide some alternatives. Supply a link to your home page or other links, or offer your site's search function if you have one.

<customErrors mode="Off"></customErrors>

Figure: This is the default code on web.config

<customErrors mode="RemoteOnly" defaultRedirect="/ssw/ErrorPage.aspx">
<error statusCode="404" redirect="/ssw/SSWCustomError404.aspx">
</customErrors>

Figure: this is the current code in the web.config of the SSW Site

For ASP.NET website, the detailed information would be presented to the remote machines when an unhandled error occurs if the customErrors mode is off.

This error information is useful for the developer to do debugging. However, it would leak out some confidential information which could be used to get into your system by the hackers. We can assume that if a SQL exception occurs by accident, which may expose database sensitive information (e.g. connection string; SQL script). So, to prevent these leaks, you should set the "mode" attribute of the tag <customerrors> to "RemoteOnly" or "On" in the web.config file and create a user-friendly customized error page to replace the detailed error information.

<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm"></customErrors>

Figure: Turning on "customErrors" protects sensitive information against Hacker

404 bad
Figure: Bad example - Unhandled error

404 good
Figure: Good example - Custom error page

Related rule

Adam CoganAdam Cogan
Tiago AraujoTiago Araujo

We open source. This page is on GitHub