How to create an IIS custom error page to increase security

PROBLEM:

When there is an error page thrown in IIS (like 404 for example) it can expose relative or absolute paths on the Kaseya server. This is a security concern so a good security practice is to hide those paths to remote viewers as there is no need for them to see it. 

CAUSE:

By default, a custom error page isn't setup so IIS will throw back the type of page below which exposes information that could be a security risk.

IIS_8_5_Detailed_Error_-_404_0_-_Not_Found.jpg

SOLUTION:

In IIS, you can create a custom error page to avoid these paths from displaying to your remote users.

Step 1) On the VSA, go to the site root folder (i.e.: C:\Kaseya\WebPages\)

Step 2) Create a new folder in the site root (i.e.: C:\Kaseya\WebPages\customerror)

Step 3) Create a custom error page and save it in the new folder. This custom error page could be HTML or ASP page.

Customerror.jpg

Step 4)  Open up IIS – Internet Information Services (IIS) Manager and Navigate to the Default Web Site and open up the Error Pages page

customerrorpage2.jpg

Step 5) Double click on the 404 status code, choose the Execute a URL to this site option and enter in the path and click "OK"

Screenshot_2_6_15__9_07_AM.jpg

Step 6) On the right side, click on the Edit Feature Settings link and make sure that “Custom error pages” is selected.

 

customerrorpage_docx.jpg

No need to restart Kaseya Services or IIS.

This was tested with IIS 7.5 and up and works for VSA versions R8 and up. For older versions of IIS and the VSA these steps may work as well but were NOT tested. This also applies to on-premise customers only.

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section