Terence Luk: Unable to redirect a HTTP Error 404.0 - Not Found page to a custom page on IIS 7.0

Friday, January 13, 2017

Unable to redirect a HTTP Error 404.0 - Not Found page to a custom page on IIS 7.0

A client recently reached out to me to assist with a requirement that was requested after receiving a penetration test from an external vendor for their older Windows Server 2008 R1 Citrix XenApp 6.5 environment where when attempting to navigate to a page that did not exist, the browser would display a HTTP Error 404.0 – Not Found page that reveals the IIS version along with some other details of the web server:

What the client wanted to do was simply redirect the page to a custom page that did not reveal any information about the server. To do this, he placed a 404-Copy.htm page in the C:\Inetpub\wwwroot\Citrix directory:

… then redirecting the page via the following field in the 404 Custom Error Page:

/Citrix/404-Copy.htm

The problem with the configuration above is that the user would now be presented with the following HTTP Error 500.19 – Internal Server Error page with the message:

Absolute physical path "C:\inetpub\custerr\" is not allowed in system.webServer/httpErrors section in web.config file. Use relative path instead.

Searching for this error brought me to the following Microsoft blog post:

Custom Error Pages – HTTP Error 500.19 – Internal Server Error
https://blogs.msdn.microsoft.com/benjaminperkins/2012/05/02/custom-error-pages-http-error-500-19-internal-server-error/

Which suggested to used the Configuration Editor to configure the allowAbsolutePathsWhenDelegated to true but this option was not available in the IIS administration console:

The following is from another server with IIS 7.5 on Windows Server 2012 that has the Configuration Editor available:

After trying to find another way to set the variable but unable to find a way to, I found that we could get around this by simply place the 404-Copy.htm page in the root directory C:\Inetpub\wwwroot: