Kindly find the link for error details.
The background is that my users are running a web-based COTS product. Recently, the application went through a vulnerability assessment, and one of the issues found was related to the exposure of information via Stack Trace. Over at our end we tried the following:
- Assign an error page for error 400 via IIS and restarted IIS
- Ensure the following is correct and inside web.config: <trace enabled="false" localOnly="true">
- Ensure the following is correct and inside web.config too: <customErrors mode="On" defaultRedirect="error.aspx" />
But the Stack Trace info still appear. I have no idea what else is causing the stack trace to still appear for that particular 400 error. The other errors were fine and catered for during the scan, with no stack trace information appearing. Anyone have any idea what else I can do? Is there a chance it's caused by the COTS application instead?
Do note that my end goal is not to resolve 400 errors, but to hide/remove stack trace information for any error 400 occurrences.