Improvement #10 - ELMAH Security Validator

This tool never really found its place and has been discontinued.

This is the tenth and final post in the series 10 improvements in 10 days. Yesterday we gave away a 15 % discount on MyGet. Today we wanted to end this series with a big bang.

One of the nice features in ELMAH is also one of the more dangerous. As default, access to your ELMAH logs (/elmah.axd) is available from localhost only. But using a small config change, you can actually browse your errors logs on a deployed website. Troy Hunt already proved why open ELMAH logs are very dangerous and can be easily exploited by hackers. To help you secure your ELMAH logs, we introduce the ELMAH Security Validator.

The ELMAH Security Validator lets you input your URL and seconds later you will be presented with the result of the scan:

ELMAH Security Validator

We'll do a follow up on all of the improvements next week. So for now, have a great weekend. Error logging and Uptime Monitoring for your web apps

This blog post is brought to you by is error logging, uptime monitoring, deployment tracking, and service heartbeats for your .NET and JavaScript applications. Stop relying on your users to notify you when something is wrong or dig through hundreds of megabytes of log files spread across servers. With, we store all of your log messages, notify you through popular channels like email, Slack, and Microsoft Teams, and help you fix errors fast.

See how we can help you monitor your website for crashes Monitor your website