Author: Pekka Helenius (~Fincer), 2018

Patch: Remove additional error string from Apache server HTTP-based HTML output message. Especially, do not give any clear hints about existence of Apache ErrorDocument parameter to the client.

This patch is useful for obfuscating server identity to a client but can bury underneath problems in server configuration and thus hamper debugging of errors which are based on HTTP return codes. Thus, use discretion before implementing the patch in your Apache server configuration.

--- a/modules/http/http_protocol.c
+++ b/modules/http/http_protocol.c
@@ -1542,12 +1542,12 @@ AP_DECLARE(void) ap_send_error_response(
                                  get_canned_error_string(status, r, location),
                                  NULL);
 
-        if (recursive_error) {
+        /*if (recursive_error) {
             ap_rvputs_proto_in_ascii(r, "<p>Additionally, a ",
                       status_lines[ap_index_of_response(recursive_error)],
                       "\nerror was encountered while trying to use an "
                       "ErrorDocument to handle the request.</p>\n", NULL);
-        }
+        }*/
         ap_rvputs_proto_in_ascii(r, ap_psignature("<hr>\n", r), NULL);
         ap_rvputs_proto_in_ascii(r, "</body></html>\n", NULL);
     }