Browse Source

Patch: Apache - disable additional errormsg from HTML output

master
Pekka Helenius 5 years ago
committed by GitHub
parent
commit
5c74cd32bf
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 24 additions and 0 deletions
  1. +24
    -0
      patches/patch_apache_disable_additional_errormsg.patch

+ 24
- 0
patches/patch_apache_disable_additional_errormsg.patch View File

@ -0,0 +1,24 @@
Author: Pekka Helenius (~Fincer), 2018
Patch: Remove additional error string from Apache server HTTP-based HTML output message. Especially, do not give any clear hints about existence of Apache ErrorDocument parameter to the client.
This patch is useful for obfuscating server identity to a client but can bury underneath problems in server configuration and thus hamper debugging of errors which are based on HTTP return codes. Thus, use discretion before implementing the patch in your Apache server configuration.
--- a/modules/http/http_protocol.c
+++ b/modules/http/http_protocol.c
@@ -1542,12 +1542,12 @@ AP_DECLARE(void) ap_send_error_response(
get_canned_error_string(status, r, location),
NULL);
- if (recursive_error) {
+ /*if (recursive_error) {
ap_rvputs_proto_in_ascii(r, "<p>Additionally, a ",
status_lines[ap_index_of_response(recursive_error)],
"\nerror was encountered while trying to use an "
"ErrorDocument to handle the request.</p>\n", NULL);
- }
+ }*/
ap_rvputs_proto_in_ascii(r, ap_psignature("<hr>\n", r), NULL);
ap_rvputs_proto_in_ascii(r, "</body></html>\n", NULL);
}

Loading…
Cancel
Save