I have an exchange 2007 server that when someone tries to hit a page or directory on the server that does not exist, I want a HTTP 403 to be returned. How can I set that up?
Asked
Active
Viewed 134 times
0
-
Why do you want this and not a 404? – squillman Aug 09 '12 at 14:02
-
Project requirements state it should be a 403. Plus, wouldn't it be another layer of security since it would not indicate if a directory even existed or not? – Lysandus Aug 09 '12 at 14:11
1 Answers
0
You can configure a custom 404 handler in IIS but you also may need to fix any .net web.configs that might change this setting. OWA for example already has a global handler in it's web.config.
If you configure the 404 error handlers to be a URL so they are redirected to some code and from the code you can return a 403 response to the user. If you have asp enabled you use a simple asp script like:
<%@ Language=VBScript %>
<%
Response.Status="403 Forbidden"
Response.Write "These are not the 404's you're looking for"
%>
p.s. if the aim of this config is to limit directory discovery, you will need to point the 403's you are emulating at the same error handler. Also check if IIS is redirecting a /directory request without a / on the end to /directory/ before the 403 is sent, if the directory exists.
