Apache HTTPD rewrite backend proxy HTTP error 500 to 503

Question

I have two use cases:

1. HTTPD is a proxy for a Tomcat application

2. HTTPD is a proxy for a PHP application

For compliance and security needs all 50x errors must be rewritten to 503 prior to sending back to a client. Exposing 50x errors leaks information about your application, so is bad practice.

I still wish to see 500s in the HTTPD log files, but must rewrite the HTTP error sent back to clients.

Constraints:

1. Using an external program or other application is out of the question, i.e. varnish, pound, nginx et al.

2. I do not wish to send back an error page, I only need to rewrite the HTTP status. i.e. change the HTTP/1.1 500 to a 503 in the following:

   [user@host]$ curl -I http://localhost:8080/500.php
   HTTP/1.1 500 Internal Server Error
   <OUTPUT OMITTED>
   

Is this possible?

Note: I created error pages with:

for http_status in 401 403 500 501 503; do
    echo -e "<?php\nhttp_response_code(${http_status});" > ${http_status}.php
done

Answer 1

Eureka!!

After cobbling together several other *exchange posts I have a workable solution; specify an error document for a backend 500 then return 503 for all calls to that document.

This block of code can sit in a VirtualHost definition:

ProxyErrorOverride on
ErrorDocument 500 /500.html

RewriteEngine on
RewriteCond %{REQUEST_URI} /500.html
RewriteRule .* - [R=503]

Sources:

• https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxyerroroverride
• https://httpd.apache.org/docs/2.4/mod/core.html#errordocument
• https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#rewritecond
• https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#rewriterule

Bonus Puppet Points:

$rewrites = [
  {
    comment      => ' Rewrite 503.html',
    rewrite_cond => ['%{REQUEST_URI} /503.html'],
    rewrite_rule => ['.* - [R=503]']
  }
]
$error_documents => [
  { 'error_code' => '500', 'document' => '/503.html' },
  { 'error_code' => '501', 'document' => '/503.html' },
  { 'error_code' => '502', 'document' => '/503.html' },
  # Creating an error document for 503 creates an infinite redirect loop
  { 'error_code' => '504', 'document' => '/503.html' },
  { 'error_code' => '505', 'document' => '/503.html' },
  { 'error_code' => '506', 'document' => '/503.html' },
  { 'error_code' => '507', 'document' => '/503.html' },
  { 'error_code' => '508', 'document' => '/503.html' },
  # There is no 509: https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#5xx_Server_errors
  { 'error_code' => '510', 'document' => '/503.html' },
  { 'error_code' => '511', 'document' => '/503.html' },
]

apache::vhost { $name:
  ...
  error_documents      => $error_documents,
  proxy_error_override => true,
  proxy_pass           => [],
  rewrites             => $rewrites,
  ...
}