IIS->Error Pages:How to Use Detailed Errors in IIS 7.0

Issue: While requesting an application hosted in IIS 7.0 from the IE, sometime we may get an error message which is not so helpful for us to diagnostic the problem. see screenshot below:

 

image

 

Solution:

1) Disable IE “Friendly HTTP error messages”

image

 

2) Enable IIS7 detailed errors

You can do this from the IIS7 Admin tool by running “Start>Run>inetmgr.exe”, selecting your website/application/virtual directory in the left-hand tree view, clicking on the “Error Pages” icon, clicking “Edit Feature Settings” action, and then selecting “Detailed Errors”.

image

Result:

Now you can see the error message in more detailed like below:

image

Notice that this error contains quite a bit of useful information:
1) The heading contains the substatus code, 404.0, which is an IIS specific code that further describes the problem. The majority of common errors has a unique <status_code>.<substatus_code> combination that you can easily google for additional information.
2) The page indicates what module (IIS Web Core), and in what notification (MapRequestHandler) an error occurred. This information is critical whenever you are debugging server problems, especially on the IIS7+ world when most of them occur in one of the modules that take part in the processing of the request.
3) The page shows you some useful request information, such as the requested url and the physical path to which it resolved. Most 404 errors will be resolved right here, by seeing that the request is being made to a wrong url or resolving to a wrong physical path due to incorrect virtual directory mapping.
4) The “most likely causes” and “what you can try” sections offer the most likely explanation for the error and what you can do about it. They are dead on for the majority of common IIS7 errors.

Highlighted Comments:

However, error messages are a sensitive topic, because Detailed Errors contain information about the inner workings of your web-site. Every error may reveals more about your web-site than you might want revealed. The more information someone can gather about your site, the likelier it is that you will be hacked. This is dangerous. So only trusted people should see a Detailed Error. For Production phase,The only way to ensures this is to only generate a detailed error if the request comes from the local machine. As soon as the request is not local, a custom error is generated. For development phase, we can enable the detailed errors temporarily for developer usage.

posted on 2012-01-13 11:45  刘宁Toby  阅读(270)  评论(0编辑  收藏  举报