Hide Apache error codes

Asked Dec 21 '16 at 16:26

Active Dec 21 '16 at 16:26

Viewed 579 times

I'm trying to hide the error states returned by Apache. I want all error code (403, 404, 500, ...) to return the same status code (for example 404).

I know how to hide that there are certain resources that exist sending a fake status code, using RedirectMatch Ej

RedirectMatch 404 ^ / phpmyadmin (/.*)?$
RedirectMatch 404 ^ / server-status (/.*)?$
RedirectMatch 404 ^ / munin (/.*)?$

But I wish I could hide any error messages (banned, not found ...) without having to indicate each of the resources

asked Dec 21 '16 at 16:26

Juan Carlos L.A.

Are you sure you want to do that? You don't ever expect that your server will misbehave, and you yourself will benefit from those 500 errors? What about the 401 error code, prompting the browser for a http auth? – andol Dec 21 '16 at 19:41
To truly mask all of them, you would need to edit the source and recompile. You can also accomplish this if you have haproxy in front of apache. It can rewrite all the status codes. As @andol said, you may run into problems doing this. I do this on a low-interaction honeypot on purpose, using `http-response set-status 200 if { status 407 }` in haproxy for each of the codes that I want to rewrite to 200. – Aaron Dec 21 '16 at 20:37

0 Answers0