Re: changing the error status code for forbidden resources

Joshua,

Three questions in hopes of bettering my understanding of Apache.

Why not just edit the conf file to take the 403 error and have it
redirect to the Apache 404 error page within the error directory?
Example below.

ErrorDocument 403 /error/HTTP_NOT_FOUND.html.var
ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var

As an alternative, why not just edit the actual 403 error page contents
to reflect the error you desire?

Finally, you mention that "it's more than a waste of time, it is
deliberately crippling of HTTP".  Why?



>>> joshua@xxxxxxxx 5/22/2007 7:28 PM >>>
On 5/22/07, Bhagwati Gupta <bpg10000@xxxxxxxxx> wrote:
> Hi,
>     I am running Apache 2.2.3 on my Debian 3.1 sarge machine. My local
> web security team has examined the system and generated a detailed
> security report. One of the issues that I am having difficulty fixing
> relates to hidden directories. I have been advised to change the server
> configuration such that '404 - not found' response is issued for
> forbidden resources as opposed to '403 - forbidden' response. I have
> tried looking on the web but have yet to find anything that could solve
> my problem. I am not sure exactly how server responses for hidden
> directories (or missing files) can be customized. Could you please help?
> Thanks!

Sounds like a silly waste of time to me. (Actually, it's more than a
waste of time, it is deliberately crippling of HTTP.)

But anyway, if you want to lie about error codes, you can go all the
way and change them to redirects:

ErrorDocument 404 http://example.com/not_found.html 
ErrorDocument 403 http://example.com/not_found.html 

If you just want to lie about 403 only, then the only way I know
(other than editing the code) is to point to a cgi script that emits
its own "Status: 404" header:

ErrorDocument 403 /cgi-bin/lie-about-the-status-code.pl

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx 
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx 
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
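
A way to check the result of the configurations discussed in this thread, as an added example that is not part of the original messages: it compares the response for a forbidden path with the response for a missing path and lists what still tells the two apart. The raw responses, paths and function names are constructed for illustration.

```python
# Added example: all responses, paths and names below are constructed.
VOLATILE = {"date"}  # headers that differ between any two responses

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers, body

def differences(forbidden_raw, missing_raw, forbidden_path, missing_path):
    """Return what lets a client tell the forbidden response from the missing one."""
    s1, h1, b1 = parse_response(forbidden_raw)
    s2, h2, b2 = parse_response(missing_raw)
    found = []
    if s1 != s2:
        found.append(f"status: {s1} vs {s2}")
    # Content-Length is skipped: it follows the body, which is compared below.
    for name in sorted((set(h1) | set(h2)) - VOLATILE - {"content-length"}):
        if h1.get(name) != h2.get(name):
            found.append(f"header: {name}")
    # Error pages echo the requested path, so strip it before comparing bodies.
    if b1.replace(forbidden_path.encode(), b"") != b2.replace(missing_path.encode(), b""):
        found.append("body")
    return found

def _resp(status, body, date):
    return (f"HTTP/1.1 {status}\r\nDate: {date}\r\n"
            f"Content-Type: text/html; charset=iso-8859-1\r\n\r\n{body}").encode()

NOT_FOUND = "<h1>Not Found</h1><p>The requested URL {} was not found on this server.</p>"
DEFAULT_403 = _resp("403 Forbidden", "<h1>Forbidden</h1><p>You don't have permission "
                    "to access /private/ on this server.</p>", "Tue, 22 May 2007 23:30:01 GMT")
MASKED_403 = _resp("404 Not Found", NOT_FOUND.format("/private/"), "Tue, 22 May 2007 23:30:02 GMT")
REAL_404 = _resp("404 Not Found", NOT_FOUND.format("/nope/"), "Tue, 22 May 2007 23:30:03 GMT")

if __name__ == "__main__":
    print("default:", differences(DEFAULT_403, REAL_404, "/private/", "/nope/"))
    print("masked: ", differences(MASKED_403, REAL_404, "/private/", "/nope/"))
```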
