0

I'm trying to hide the error states returned by Apache. I want all error code (403, 404, 500, ...) to return the same status code (for example 404).

I know how to hide that there are certain resources that exist sending a fake status code, using RedirectMatch Ej

RedirectMatch 404 ^ / phpmyadmin (/.*)?$ RedirectMatch 404 ^ / server-status (/.*)?$ RedirectMatch 404 ^ / munin (/.*)?$

But I wish I could hide any error messages (banned, not found ...) without having to indicate each of the resources

Improve this question
2
  • Are you sure you want to do that? You don't ever expect that your server will misbehave, and you yourself will benefit from those 500 errors? What about the 401 error code, prompting the browser for a http auth? Commented Dec 21, 2016 at 19:41
  • To truly mask all of them, you would need to edit the source and recompile. You can also accomplish this if you have haproxy in front of apache. It can rewrite all the status codes. As @andol said, you may run into problems doing this. I do this on a low-interaction honeypot on purpose, using http-response set-status 200 if { status 407 } in haproxy for each of the codes that I want to rewrite to 200. Commented Dec 21, 2016 at 20:37

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.