Enable detailed IIS errors

• Author
• Recent Posts

Surender Kumar

Surender Kumar has more than twelve years of experience in server and network administration. His fields of interest are Windows Servers, Active Directory, PowerShell, web servers, networking, Linux, virtualization, and penetration testing. He loves writing for his blog.

Latest posts by Surender Kumar (see all)

• Proxmox Backup Server: Install and configure - Fri, May 19 2023
• Using Docker with NAS and NFS - Mon, May 15 2023
• Create a Proxmox cluster - Fri, May 5 2023

The detailed errors also reveal HTTP substatus codes, which are helpful in debugging complex issues. The bad guys out there could use this information to conduct attacks on a web server or website. That is why the IIS server only shows a custom error page for remote requests by default.

Why are detailed errors important?

As discussed above, detailed errors are important when you want to debug a problem in a website hosted on a server running IIS. The custom error page shows an error message that is usually ambiguous. Let's have a look at the two screenshots below:

403 Forbidden Access is denied error using custom error page

The above screenshot shows a typical 403 – Forbidden: Access is denied error using the custom error page displayed by IIS. It is not very helpful for website administrators. Now, let's have a look at the following screenshot:

403.14 Forbidden error with detailed error mode enabled

This screenshot shows the same error with detailed error mode enabled. Now, it shows plenty of useful information that an administrator can use to identify the cause and fix the problem.

Enabling detailed errors using the IIS manager

To enable detailed errors:

1. Open the IIS manager by pressing WinKey+R, typing inetmgr, and pressing Enter.
2. Expand the Sites node and select the website for which you want to enable detailed errors.
3. Under the IIS section in the Features View, double-click Error Pages (see the following screenshot).

Locating the error pages section in the IIS manager

4. In the Actions pane on the right, click Edit Feature Settings.
   

Enabling detailed errors in IIS manager

5. In Error Responses, you will see three options:
   1. Custom error pages
   2. Detailed errors
   3. Detailed errors for local requests and custom error pages for remote requests (default)
6. Now select either the second or third option and click OK.

Viewing the detailed error modes in IIS

Since you can directly access the web server using remote desktop, selecting the third option is best. Now, you can open the web browser on the server itself and try to load the problematic webpage to see a detailed error page containing more technical information. By doing this, you're not enabling the bad guys out there to view the detailed information, since the detailed error is only displayed for local requests.

Enabling detailed errors using the web.config file

There are situations in which you cannot use the IIS manager to enable detailed errors. For example, if your website is hosted on a shared hosting site, you won't have access to the IIS manager. In such scenarios, you could enable detailed errors using the web.config file, which is usually located in the root directory of the website. Just add the following line inside the <system.webServer> tag:

<httpErrors errorMode="Detailed" />

Enabling detailed errors using web.config file

Remember that by adding this line to the web.config file, you are forcing IIS to throw the detailed errors for local or remote requests.

Once you identify the root cause of the problem, it is always recommended to disable detailed errors to prevent your website from revealing sensitive information.