Browse Source

Add patch: Apache - disable additional errormsg

master
Pekka Helenius 3 years ago
committed by GitHub
parent
commit
ef7ac8c4d2
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 23 additions and 0 deletions
  1. +23
    -0
      patches/patch_apache_disable_additional_errormsg

+ 23
- 0
patches/patch_apache_disable_additional_errormsg View File

@ -0,0 +1,23 @@
Author: Pekka Helenius (~Fincer), 2018
Patch: Remove additional error string from Apache server HTTP-based HTML output message. Especially, do not give any clear hints about existence of Apache ErrorDocument parameter to the client.
This patch is useful for obfuscating server identity to a client but can bury underneath problems in server configuration and thus hamper debugging of errors which are based on HTTP return codes. Thus, use discretion before implementing the patch in your Apache server configuration.
--- a/modules/http/http_protocol.c
+++ b/modules/http/http_protocol.c
@@ -1542,12 +1542,12 @@ AP_DECLARE(void) ap_send_error_response(
get_canned_error_string(status, r, location),
NULL);
- if (recursive_error) {
+ /*if (recursive_error) {
ap_rvputs_proto_in_ascii(r, "<p>Additionally, a ",
status_lines[ap_index_of_response(recursive_error)],
"\nerror was encountered while trying to use an "
"ErrorDocument to handle the request.</p>\n", NULL);
- }
+ }*/
ap_rvputs_proto_in_ascii(r, ap_psignature("<hr>\n", r), NULL);
ap_rvputs_proto_in_ascii(r, "</body></html>\n", NULL);
}

Loading…
Cancel
Save