解决方法: http://www.cnblogs.com/shanyou/archive/2010/09/24/1833757.html 中文版
http://weblogs.asp.net/scottgu/important-asp-net-security-vulnerability 英文版
步骤一.添加配置节点
.net 3.5 及以前版本,添加配置节点
<customErrors mode="On" defaultRedirect="~/error.html" />
.net 3.5 SP1 或 .net 4.0添加如下配置节点,注意加粗部分必须
<customErrors mode="On" defaultRedirect="~/error.aspx" redirectMode="ResponseRewrite" />
步骤二.添加默认错误页面
<%@ Page Language="C#" AutoEventWireup="true" %> <%@ Import Namespace="System.Security.Cryptography" %> <%@ Import Namespace="System.Threading" %> <script runat="server"> void Page_Load() { byte[] delay = new byte[1]; RandomNumberGenerator prng = new RNGCryptoServiceProvider(); prng.GetBytes(delay); Thread.Sleep((int)delay[0]); IDisposable disposable = prng as IDisposable; if (disposable != null) { disposable.Dispose(); } } </script> <html> <head runat="server"> <title>Error</title> </head> <body> <div> An error occurred while processing your request. </div> </body> </html> |
如果谁有更好的解决方法 ,谢谢提供!
