IIS Custom HTTP Error Messages
When a client makes an invalid request to an IIS server, IIS responds with an error code that is congruent with the HTTP 1.1 specification. IIS comes with a set of HTTP 1.1 error files in HTML format. However, IIS can be configured to send alternative files or strings.
For information about how to configure IIS to send alternative error files, see the topics Configuring Custom Error Messages and Substatus Error Codes in Log Files on the Microsoft TechNet Web site. Additional information can be found in Best Practices with Custom Error Pages.
HTTP 1.1 error messages are returned to the client browser in the form of an HTML page that contains a generic message. When a user attempts to connect to a Web site and an HTTP error occurs, an error message is sent back to the client browser with a brief description of what happened during the attempt to establish a connection. For example, if a user attempts to connect to a Web site that has reached its maximum connection capacity, an HTTP error is returned to the client that contains the statement "Too many users."
All the IIS custom error message files that come with IIS display industry-standard HTTP codes, which ensure consistency with HTTP 1.1 error messages.
Custom error messages are configured in a metabase property called HttpErrors. When a set of custom error messages is configured at the Web-site level, all directories under that server inherit the entire list of custom error messages. That is, the two custom error message lists (for the server and the directory) are not merged.
Use the Custom Errors property sheet in IIS or programmatically configure the HttpErrors metabase property to customize HTTP error messages by specifying an alternative file or string to display when an error occurs.
The following HTTP error messages can be customized with IIS. Other errors are handled by the client browser.
Cannot resolve the request.
Unauthorized: Access is denied due to invalid credentials.
Unauthorized: Access is denied due to server configuration favoring an alternate authentication method.
Unauthorized: Access is denied due to an ACL set on the requested resource.
Unauthorized: Authorization failed by a filter installed on the Web server.
Unauthorized: Authorization failed by an ISAPI/CGI application.
Unauthorized: Access denied by URL authorization policy on the Web server.
Forbidden: Access is denied.
Forbidden: Execute access is denied.
Forbidden: Read access is denied.
Forbidden: Write access is denied.
Forbidden: SSL is required to view this resource.
Forbidden: SSL 128 is required to view this resource.
Forbidden: IP address of the client has been rejected.
Forbidden: SSL client certificate is required.
Forbidden: DNS name of the client is rejected.
Forbidden: Too many clients are trying to connect to the Web server.
Forbidden: Web server is configured to deny Execute access.
Forbidden: Password has been changed.
Forbidden: Client certificate is denied access by the server certificate mapper.
Forbidden: Client certificate has been revoked on the Web server.
Forbidden: Directory listing is denied on the Web server.
Forbidden: Client access licenses have exceeded limits on the Web server.
Forbidden: Client certificate is ill-formed or is not trusted by the Web server.
Forbidden: Client certificate has expired or is not yet valid.
Forbidden: Cannot execute requested URL in the current application pool.
Forbidden: Cannot execute CGIs for the client in this application pool.
Forbidden: Passport logon failed.
File or directory not found.
Tools like URLScan can be configured to block processing of certain file name extensions. Check your URLScan settings.
File or directory not found: Web site not accessible on the requested port.
The 404.1 error can occur only on computers with multiple IP addresses. If a specific IP address/port combination receives a client request, and the IP address is not configured to listen on that particular port, IIS returns a 404.1 HTTP error. For example, if a computer has two IP addresses and only one of those IP addresses is configured to listen on port 80, any requests received on the other IP address with port 80 result in IIS returning a 404.1 error. This error should be set only at the service level because it is returned to clients only when multiple IP addresses are used on the server.
File or directory not found: Lockdown policy prevents this request.
File or directory not found: MIME map policy prevents this request.
HTTP verb used to access this page is not allowed.
Client browser does not accept the MIME type of the requested page.
Initial proxy authentication required by the Web server.
File has been removed.
Precondition set by the client failed when evaluated on the Web server.
Request URL is too large and therefore unacceptable on the Web server.
Internal server error.
Server error: Application is shutting down on the Web server.
Server error: Application is busy restarting on the Web server.
Server error: Web server is too busy.
Server error: Invalid application configuration on the server.
Server error: Direct requests for GLOBAL.ASA are not allowed.
Server error: UNC authorization credentials incorrect.
Server error: URL authorization store cannot be found.
Server error: URL authorization store cannot be opened.
Server error: Data for this file is configured improperly in the metabase.
Server error: URL authorization scope cannot be found.
Internal server error: ASP error.
Header values specify a configuration that is not implemented.
Web server received an invalid response while acting as a gateway or proxy server.