Improvement #10 - ELMAH Security Validator
Thomas Ardal, March 4, 2016
One of the nice features in ELMAH is also one of the more dangerous. By default, access to your ELMAH logs (/elmah.axd) is available from localhost only. But with a small config change, you can browse your error logs on a deployed website. Troy Hunt has already shown why open ELMAH logs are very dangerous and can be easily exploited by hackers. To help you secure your ELMAH logs, we introduce the ELMAH Security Validator.
The ELMAH Security Validator lets you enter your URL, and seconds later you are presented with the result of the scan.
The tool is available at https://elmah.io/tools/validator.
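The config change mentioned above is ELMAH's `allowRemoteAccess` attribute. As an added example (not elmah.io's validator and not code from this post), the script below checks a web.config you own for remote access enabled without authorization rules on elmah.axd. The sample configs, the role name `admin` and the `handler_path` parameter are constructed for illustration, and rules inherited from parent config files are not considered.

```python
import xml.etree.ElementTree as ET

TRUTHY = {"true", "yes", "on", "1"}  # values ELMAH reads as "enabled"

# Constructed sample: remote access switched on, nothing protecting the handler.
EXPOSED = """<configuration>
  <elmah><security allowRemoteAccess="1" /></elmah>
</configuration>"""

# Constructed sample: remote access on, handler limited to one role.
LOCKED = """<configuration>
  <elmah><security allowRemoteAccess="1" /></elmah>
  <location path="elmah.axd">
    <system.web><authorization>
      <allow roles="admin" />
      <deny users="*" />
    </authorization></system.web>
  </location>
</configuration>"""

def audit_elmah(config_xml, handler_path="elmah.axd"):
    """Return findings for one web.config; an empty list means none found."""
    root = ET.fromstring(config_xml)
    sec = root.find("./elmah/security")
    value = sec.get("allowRemoteAccess", "") if sec is not None else ""
    if value.strip().lower() not in TRUTHY:
        return []  # default: the log viewer answers local requests only
    rules = None
    for loc in root.findall("location"):
        if loc.get("path", "").strip("/").lower() == handler_path:
            rules = loc.find("./system.web/authorization")
    if rules is None:
        return ["remote access enabled with no <authorization> for " + handler_path]
    # ASP.NET applies the first matching rule, so walk them in order.
    for rule in rules:
        users = {u.strip() for u in rule.get("users", "").split(",")}
        if users & {"*", "?"}:
            if rule.tag == "allow":
                return ["anonymous users are allowed before any deny rule"]
            return []  # a deny for anonymous/all users comes first
    return ["no rule denies anonymous users"]

if __name__ == "__main__":
    for name, cfg in (("EXPOSED", EXPOSED), ("LOCKED", LOCKED)):
        print(name, audit_elmah(cfg) or "ok")
```
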
We'll do a follow-up on all of the improvements next week. So for now, have a great weekend.
This post was brought to you by the elmah.io team. elmah.io is the best error management system for .NET web applications. We monitor your website, alert you when errors start happening and help you fix errors fast.