Hi all, does anyone maybe know of a way to block the extensive 500 error messages of MASA CMS on production systems, but still show them on DEV-systems? A switch or setting somewhere?

Which 'extensive 500 error messages' are you referring to?

This is what we have now:

Maybe investigate why it's throwing a 500? Just worrying about suppressing the 500 seems a bit like 'well our house is on fire, how can we not disturb the neighbors'

This is how it was:

yeah I'd dig into that and see what's going on there, make sure the version of Masa you're running is current

So my question was how do I prevent everyone who deliberately throws an error to disclose information

Your IIS solution is one way, Lucee has a setting to only show error/debugging info to certain IPs or not at all as well

I wanted to prevent unnecessary information disclosure

but I'm not clear on why anybody would be 'deliberately throwing an error' on production

I have set the Lucee error-handling to error_public in the Server-admin, it still throws the error shown with all the information I do not want to disclose - hence the IIS setting change

you're right that you should be suppressing that stuff to the general public, but ideally, it doesn't error in the first place

So my question was on how to suppress this, not about having a specific error 🙂

See the debuggingenabled and errortemplate settings - https://docs.masacms.com/getting-started/configuration/configuration-file/ We set debuggingenabled to True on local and dev to see robust error info and false on stage and prod where we render a custom friendly error page and send the actual error details to our application monitoring channels.