IIS 7.5 = 嵌套的 web.config 不会覆盖应用程序级别 web.config 中设置的自定义错误处理

Question

运行 ColdFusion 11(更新 7)和 IIS 7.5

我的站点应用程序/根级别 web.config:

<configuration>
    <system.webServer>
        <httpErrors errorMode="Custom" />
    </system.webServer>
</configuration>

我的嵌套 web.config 文件位于/api/eb 中:

<configuration>
    <system.webServer>
        <httpErrors errorMode="Detailed" />
    </system.webServer>
</configuration>

当我访问位于/api/eb 子目录(例如 401.cfm)中的页面并触发 401 状态代码时，服务器将返回自定义错误处理程序响应。我对文档的解释是嵌套的 web.config 文件应该覆盖根 web.config 文件，但显然不是。

我已经在 IIS 应用程序主机文件中进行了检查，并且 httpErrors overrideModeDefault 设置为 true。我还尝试在我的根 web.config 文件中使用位置标记来做同样的事情，但它也会被忽略，除非我将路径设置为通配符。

我没主意了。对你的帮助表示感谢。提前谢谢你。

Answer 1

我发现这篇文章似乎很好地解释了您的问题 - How to Use HTTP Detailed Errors in IIS 7.0

特别是这段摘录:

Security Considerations

A word of caution: For architectural reasons, IIS can only execute the URL if it is located in the same Application Pool. Use the redirect feature to execute a Custom Error in a different Application Pool.

IIS can also return a 302 Redirect to the browser when a particular error occurs. Redirect is good if you have a server farm. For instance, you can redirect all your errors to a central location that you closely monitor.

There is risk however: responseMode="File" (which is the default) allows you to specify every file on the disk. This will not work if you are very security conscious.

A workable scenario might include only allowing the delegation of the errorMode setting. This enables a developer to receive Detailed Errors for his application even if he is using a remote client. All that is necessary is to set errorMode="Detailed". Here is how to configure this scenario:

Allow the delegation of the httpErrors section:

<section name="httpErrors" overrideModeDefault="Allow" />

Second, go to the section in applicationHost.config and change it so that only errorMode is delegated:

<httpErrors lockAllAttributesExcept="errorMode" lockElements="error">
<error statusCode="404" prefixLanguageFilePath="E:\inetpub\custerr" path="404.htm" /> <error statusCode="401" prefixLanguageFilePath="E:\inetpub\custerr" path="401.htm" /> <error statusCode="403" prefixLanguageFilePath="E:\inetpub\custerr" path="403.htm" /> <error statusCode="405" prefixLanguageFilePath="E:\inetpub\custerr" path="405.htm" /> <error statusCode="406" prefixLanguageFilePath="E:\inetpub\custerr" path="406.htm" /> <error statusCode="412" prefixLanguageFilePath="E:\inetpub\custerr" path="412.htm" /> <error statusCode="500" prefixLanguageFilePath="E:\inetpub\custerr" path="500.htm" /> <error statusCode="501" prefixLanguageFilePath="E:\inetpub\custerr" path="501.htm" /> <error statusCode="502" prefixLanguageFilePath="E:\inetpub\custerr" path="502.htm" />

</httpErrors>

请注意 overrideModeDefault 的正确值属性是 Allow , 不是 true正如您在问题中提到的。

本文进一步解释了 overrideModeDefault属性 - Understanding IIS 7.0 Configuration Delegation

摘录:

The overrideModeDefault attribute is an optional attribute that defines the locked state of a section. Its available values are either Allow or Deny. The default value is "Allow". All IIS sections that are related to any performance, security or critical aspect of the server are locked with this attribute set to "Deny". If the overrideModeDefault attribute is set to "Deny", then any configuration files at a lower level (i.e. web.config files) that set a value for a property for the specific configuration section are not able to take effect and override the global values. This incurs in a lock violation and an error occurs.