How to set a default message for a invalid URL when using Apache/Tomcat ?
search cancel

How to set a default message for a invalid URL when using Apache/Tomcat ?

book

Article ID: 16628

calendar_today

Updated On:

Products

CA Rapid App Security CA Advanced Authentication CA API Gateway

Issue/Introduction

If an environment is using Apache / Tomcat and any URL that can be appended with displayable text by end user or an attacker, then a possibility of an attack exists. For example the displayed extraneous text could direct a user to go to rogue website. Hence, any attempt to alter an error message when hitting a production URL should be thwarted with a product specific error message. 



How to set a default error message for an invalid URL when using Apache/Tomcat ? 

Environment

Production

Resolution

Find the file “error/HTTP_NOT_FOUND.html.var” on your Apache Webserver and alter the contents to display the message of your choice. Here is an example where following error message should be displayed if the URL is incorrect.

 

Error Text to display

“The requested URL was not found on this server. The link seems to be wrong or outdated.  Please inform the author about the error.  If you entered the URL manually please check your spelling and try again”

================ content of the changed file follows==========

Content-language: en

Content-type: text/html; charset=ISO-8859-1

Body:----------en--

<!--#set var="TITLE" value="Object not found!"

--><!--#include virtual="include/top.html" -->

    The requested URL was not found on this server.

  <!--#if expr="$HTTP_REFERER" -->

    The link seems to be wrong or outdated.  Please inform the author about the error.

  <!--#else -->

    If you entered the URL manually please check your

    spelling and try again.

 

  <!--#endif -->

 

<!--#include virtual="include/bottom.html" -->

================ End of content to be changed file follows==========

 

Additional Information

None.