|
Home > Archive > Apache Server configuration support > September 2005 > [Apach 2.0.54.0] Return 404 Error in HTTP Header instead of 403
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
[Apach 2.0.54.0] Return 404 Error in HTTP Header instead of 403
|
|
| jasonpeterbrown@gmail.com 2005-09-25, 5:54 pm |
| Is there any way to configure Apache 2.0.54.0 (Windows XP) to return
404 error codes in the HTTP Header instead of 403 error codes? It seems
to me that returning 403 for protected forlders is giving potential
hackers more information than they need (or perhaps I am being
paranoid?). I have looked into the ErrorDocument settings, and while I
can change the returned page to appear as though it is a 404 error, a
quick look at the HTTP Header reveals that the server returns a 403
error anyway. Any ideas?
Thanks in advance.
| |
|
| <jasonpeterbrown@gmail.com> schreef in bericht
news:1127685481.554285.264870@g44g2000cwa.googlegroups.com...
> Is there any way to configure Apache 2.0.54.0 (Windows XP) to return
> 404 error codes in the HTTP Header instead of 403 error codes? It
> seems to me that returning 403 for protected forlders is giving potential
> hackers more information than they need (or perhaps I am being
> paranoid?).
Even with the 403 changed into a 404, you cannot hide the first response
'HTTP/1.x 401 Authorization Required' as it triggers the browser to ask THE
question to the user.
> I have looked into the ErrorDocument settings, and while I
> can change the returned page to appear as though it is a 404 error, a
> quick look at the HTTP Header reveals that the server returns a 403
> error anyway.
So a user making a typo will be ... confused ...
> Any ideas?
If you persist in messing with the standard ...
.... make nph-403to404.cgi your 403-errordocument.
A nph-* script has full freedom of setting or _tampering_ headers.
HansH
|
|
|
|
|