How to create a .NET custom error page to increase security

PROBLEM:

When there is a .NET error page thrown it can expose relative or absolute paths on the Kaseya server. This is a security concern so a good security practice is to hide those paths to remote viewers as there is no need for them to see it. 

CAUSE:

By default, a .NET custom error page isn't setup so IIS will throw back the type of page below which exposes information that could be a security risk.

neterror.jpg


SOLUTION:

In IIS, you can create a .NET custom error page to avoid these paths/system pages from displaying to your remote users.

Step 1) On the VSA, go to the site root folder (i.e.: C:\Kaseya\WebPages\)

Step 2) Create a new folder in the site root (i.e.: C:\Kaseya\WebPages\customerror)

Step 3) Create a custom error page and save it in the new folder. This custom error page could be HTML or ASP page.

Customerror.jpg

 

Step 4)  Open up IIS – Internet Information Services (IIS) Manager and Navigate to the Default Web Site and open up the .NET Error Pages page

 

neterrorpage.jpg

Step 5) On the right side, click on the Edit Feature Settings link and make sure that the option for Mode is On. Then, enter the Absolute URL to the .NET custom error page

editfeature.jpg

 

No need to restart Kaseya Services or IIS.

This was tested with IIS 7.5 and up and works for VSA versions R8 and up. For older versions of IIS and the VSA these steps may work as well but were NOT tested. This also applies to on-premise customers only.

Have more questions?

Contact us

Was this article helpful?
1 out of 1 found this helpful

Provide feedback for the Documentation team!

Browse this section