Venom
Reputation: 1106
how to secure elmah.axd if I am not using ASP.NET Membership
I am using Elmah as error logging system in asp.net web form project. But in elmah any one can read error log by pasting /elmah.axd in the url
And I can not check authorization because I am not using ASP.NET Membership.
Upvotes: 0
Views: 405
Answers (2)
user2682322
Reputation: 23
I've found that the easiest option is to change the elmah.axd bits in the web.config to something else that no one will guess. Eg myerrors.axd (obviously choose something more obscure).
Then only you know what the page name is to view the errors....
Upvotes: 0
SilverlightFox
Reputation: 33538
Can you lock it down with IP security (IIS7 +)?
<location path="elmah.axd">
<system.web>
<httpHandlers>
<add verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" />
</httpHandlers>
<!--
See http://code.google.com/p/elmah/wiki/SecuringErrorLogPages for
more information on using ASP.NET authorization securing ELMAH.
-->
</system.web>
<system.webServer>
<security>
<ipSecurity allowUnlisted="false" >
<add ipAddress="127.0.0.1" allowed="true"/>
</ipSecurity>
</security>
<handlers>
<add name="ELMAH" verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" preCondition="integratedMode" />
</handlers>
</system.webServer>
</location>
Upvotes: 1
Related Questions
- How do I secure Elmah on ASP.Net MVC 4 with Windows Integrated Security : Elmah ignores my settings
- How to secure Elmah.axd?
- Securing Elmah in ASP.NET website
- Custom authentication for Elmah in .net mvc
- Password protect Elmah while web application Anonymously accessible
- How do i restrict access to elmah without using in-built authentication?
- How to secure Elmah in MVC in area
- How to provide only Access for ELMAH.axd for Administrator login in web
- Secure elmah with ASp.NET security but only to some users
- Password-Protecting Elmah.axd file