|
SecuringErrorLogPages
How to securely the error log pages from unauthorized users
Securing Error Log PagesYou can secure ELMAH's display or feeds in two ways:
Both of these are discussed in the sub-sections that follow. Enabling or Disabling Remote AccessELMAH provides a configuration section and setting to enable or disable remote access to the error log display and feeds. When disabled (the default), only local access to the error log display and feeds is allowed. The snippet below shows how to enable remote access: <elmah>
<security allowRemoteAccess="1" />
</elmah> To enable remote access, the value of the allowRemoteAccess attribute can be 1, yes, true or on. Otherwise it is disabled. In any event, local access is always available. Note: Make sure you have declared the expected configuration sections in order to apply the above configuration. See Declaring configuration sections for more. Granting or Denying Access via ASP.NET AuthorizationBesides the integrated security setting offered by ELMAH, ASP.NET provides its own authorization mechanism. For example, suppose ELMAH's error log display handler is registered for the path elmah.axd. Do deny access to this path to anonymous users, add the following to your configuration: <location path="elmah.axd">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location> For more information, see also: |
Sign in to add a comment
