Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: apache and 404/404 status codes

From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Sat, 8 Jul 2000 05:19:22 +0200

Shelagh Pepper wrote:


At 12:26 PM 7/7/00 +0200, Slawek wrote:

Hopefully Apache has an option to map all 403 result codes to 404.


Error codes can be mapped as follows (in conf or .htaccess files if
FileInfo override permission has been granted):
ErrorDocument 404 /Lame_excuses/not_found.html
ErrorDocument 403 /Lame_excuses/not_found.html


Correct me if I'm wrong, but this won't help, since if you look
at the HTTP response headers, it'll still say HTTP/403 and
HTTP/404, respectively.

Sure, having the same HTML text will fool the casual hacker, but
anyone a wee bit more knowledgeable, or simply someone using
HEAD rather than GET, is sure to see the "real" HTTP response
code.

ngnghhh 5 am and 12 hours of IP span reconfiguration... Time for
some serious "Zzzz"s...

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 29 92 00         Direct: +46 (0)660 29 92 05
Mobile: +46 (0)70 66 77 636        Fax: +46 (0)660 122 50
WWW: http://www.enternet.se/       E-mail: mikael.olsson () enternet se
Previous By Date Next
Previous By Thread Next

Current thread: