suppose your url is
http://www.xyz.com/default
and some hacker try for hacking the website so type some script text on url like
http://www.xyz.com/default/<script>alert("xss");</script>
for preventing this types of scripting
use this code inside the web.config file
<httpRuntime requestValidationMode="2.0" />
<customErrors mode="On" defaultRedirect="http://www.msn.com">
</cusomErrors>
//if you try for redirect the url on your domain url (http://www.xyz.com) then give error so give other url name
//for preventing xss script