"The Hidden HTTP Errors" (Behind IIS)

You send an HTTP request and get back an HTTP error but with an HTML error page which you didn't expect... what's happening?... 🤔

Specifically for example, perhaps you tried to READ a FHIR Resource (e.g. /Patient/123) and you get back a 404 error page, even though with other Patient IDs, you get back the Resource payload, so "the page" definitely does exist... why should you be getting a 404 error page? 🙄

The answer to these questions is related to the IIS Web Server behavior with regard to handling errors.

IIS has 3 options for displaying errors:

• Always only show custom error pages
• Always show detailed server errors
• For local requests show detailed errors, but for remote requests show the custom error pages.

This last option is more secure (than always showing detailed errors) because sometimes the error details might expose internal info you don't want external users to have. Hence this is the default for IIS.

But that means that if you are testing against a remote server the actual errors will be hidden from you. So you would want to change this to be 'Detailed errors' (at least for debugging stages, and assuming you are taking into account external access, and perhaps limiting it).

See more details about this setting in a related IIS article (and you can see this related section in our Documentation that discusses this).

The specific FHIR example I mentioned is an interesting case, as a 404 error could simply mean that a specific FHIR Resource was not found (the ID you were trying to read is not in the Repository), not that you have some problem with the server ("page not found").

For example if you can see the detailed error you will see something like this:

But without the detailed error, you would get just a custom error page, like this:

And this might be misleading, so keep this IIS setting in mind.