A client recently reached out to me to assist with a requirement that was requested after receiving a penetration test from an external vendor for their older Windows Server 2008 R1 Citrix XenApp 6.5 environment where when attempting to navigate to a page that did not exist, the browser would display a HTTP Error 404.0 – Not Found page that reveals the IIS version along with some other details of the web server:
Image may be NSFW.
Clik here to view.
What the client wanted to do was simply redirect the page to a custom page that did not reveal any information about the server. To do this, he placed a 404-Copy.htm page in the C:\Inetpub\wwwroot\Citrix directory:
Image may be NSFW.
Clik here to view.
… then redirecting the page via the following field in the 404 Custom Error Page:
/Citrix/404-Copy.htm
Image may be NSFW.
Clik here to view.
Image may be NSFW.
Clik here to view.
The problem with the configuration above is that the user would now be presented with the following HTTP Error 500.19 – Internal Server Error page with the message:
Absolute physical path "C:\inetpub\custerr\" is not allowed in system.webServer/httpErrors section in web.config file. Use relative path instead.
Image may be NSFW.
Clik here to view.
Searching for this error brought me to the following Microsoft blog post:
Custom Error Pages – HTTP Error 500.19 – Internal Server Error
https://blogs.msdn.microsoft.com/benjaminperkins/2012/05/02/custom-error-pages-http-error-500-19-internal-server-error/
Which suggested to used the Configuration Editor to configure the allowAbsolutePathsWhenDelegated to true but this option was not available in the IIS administration console:
Image may be NSFW.
Clik here to view.
The following is from another server with IIS 7.5 on Windows Server 2012 that has the Configuration Editor available:
Image may be NSFW.
Clik here to view.
After trying to find another way to set the variable but unable to find a way to, I found that we could get around this by simply place the 404-Copy.htm page in the root directory C:\Inetpub\wwwroot:
Image may be NSFW.
Clik here to view.
Then referencing the page via the path:
/Citrix/404-Copy.htm
Image may be NSFW.
Clik here to view.
Image may be NSFW.
Clik here to view.
Providing us with the result that we wanted:
Image may be NSFW.
Clik here to view.
Another method which is not preferred is to completely remove the 404 error page as such:
Image may be NSFW.
Clik here to view.
Which would result in the following page displayed:
Image may be NSFW.
Clik here to view.
Troubleshooting this issue on this older Windows 2008 R1 server was a but of a nuance so I hope this post would save someone else a bit of time.