A client recently reached out to me to assist with a requirement that was requested after receiving a penetration test from an external vendor for their older Windows Server 2008 R1 Citrix XenApp 6.5 environment where when attempting to navigate to a page that did not exist, the browser would display a HTTP Error 404.0 – Not Found page that reveals the IIS version along with some other details of the web server:
What the client wanted to do was simply redirect the page to a custom page that did not reveal any information about the server. To do this, he placed a 404-Copy.htm page in the C:\Inetpub\wwwroot\Citrix directory:
… then redirecting the page via the following field in the 404 Custom Error Page:
The problem with the configuration above is that the user would now be presented with the following HTTP Error 500.19 – Internal Server Error page with the message:
Absolute physical path "C:\inetpub\custerr\" is not allowed in system.webServer/httpErrors section in web.config file. Use relative path instead.
Searching for this error brought me to the following Microsoft blog post:
Custom Error Pages – HTTP Error 500.19 – Internal Server Error
Which suggested to used the Configuration Editor to configure the allowAbsolutePathsWhenDelegated to true but this option was not available in the IIS administration console:
The following is from another server with IIS 7.5 on Windows Server 2012 that has the Configuration Editor available:
After trying to find another way to set the variable but unable to find a way to, I found that we could get around this by simply place the 404-Copy.htm page in the root directory C:\Inetpub\wwwroot:
Then referencing the page via the path:
Providing us with the result that we wanted:
Another method which is not preferred is to completely remove the 404 error page as such:
Which would result in the following page displayed:
Troubleshooting this issue on this older Windows 2008 R1 server was a but of a nuance so I hope this post would save someone else a bit of time.