After writing so much about the ASP.NET cryptographic padding oracle exploit, and the recommended workaround of a static error document, it dawned on me that I should probably make some custom error documents for my domains.
And then I decided I should share them. So, if you’re so inclined, you can download the custom error documents I use on this site. I release all code under the latest version of the GNU GPL.
I’ve created pages for 401 (unauthorized), 403 (forbidden), 404 (not found) and 500 (internal server) HTTP errors.
I designed these to be valid XHTML 1.0; to appear well in all screen resolutions from 1024 x 768 and greater; and to appear the same on most Web browsers. (Of course, I exclude Internet Explorer prior to version 7 from that list.)
This little exercise also gave me a chance to play with the Google Font API. There aren’t a lot of fonts available yet, but using the API couldn’t be simpler.
All links in this post on delicious: http://www.delicious.com/dougvdotcom/custom-errordocuments-available-for-download