Error Page

You have to configure your website to either redirect the user to its homepage or show a custom error page when a user tries to load a non-existent page. Otherwise, most web servers will advertise their name and version. Knowing the name and version of the web server software, a hacker can look online for known security flaws in the software you are using and try to exploit them.

Simply try to load http://www.yourwebsite.com/asjgasja or any set of random characters as the name of a page and see what is displayed. In Figures 5 and 6, we give two examples of websites that are not correctly configured, and we could easily discover that the first one (Figure 5) is running nginx version 1.4.2, while the second one (Figure 6) is running Apache version 2.2.8.

Figure 5: Website without a custom error page displaying the name and version of the server software

Figure 6: Website without a custom error page displaying the name and version of the server software

The way this is fixed depends on the server software and on whether you have full access to the server where your website is hosted. If you have full access to the webserver, you should edit the httpd.conf file, add the lines below, and restart Apache (assuming that you are using Apache, which is the most popular webserver software available).

ErrorDocument 403 http://www.yourwebsite.com

ErrorDocument 404 http://www.yourwebsite.com

If you do not have this kind of access, you should discuss this configuration with your hosting company.
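The check described above (loading a random page name and looking for the server name and version) can be scripted for your own site. The Python code below is an added example, not part of the original article: the sample error pages are constructed, the function names are hypothetical, and inspecting the Server response header in addition to the page body goes beyond what the article covers.

```python
import re
import secrets
import urllib.error
import urllib.request

# Product/version tokens to look for; extend the list for the software you run.
BANNER = re.compile(r"\b(nginx|Apache|Microsoft-IIS|lighttpd)/(\d+(?:\.\d+)+)", re.I)

# Constructed sample error pages modelled on the two cases in the article.
NGINX_404 = "<center><h1>404 Not Found</h1></center>\n<hr><center>nginx/1.4.2</center>"
APACHE_404 = ("<h1>Not Found</h1>\n<address>Apache/2.2.8 (Ubuntu) Server at "
              "www.yourwebsite.com Port 80</address>")

def find_banners(server_header, body):
    """Return sorted (where, product, version) tuples for each disclosed version."""
    found = set()
    for where, text in (("header", server_header or ""), ("body", body)):
        for m in BANNER.finditer(text):
            found.add((where, m.group(1), m.group(2)))
    return sorted(found)

def probe(base_url):
    """Request a random non-existent page and report (status, banners)."""
    url = base_url.rstrip("/") + "/" + secrets.token_hex(8)
    try:
        resp = urllib.request.urlopen(url, timeout=10)
        status = resp.status
    except urllib.error.HTTPError as err:  # 403/404 replies are raised as errors
        resp, status = err, err.code
    body = resp.read(65536).decode("utf-8", "replace")
    return status, find_banners(resp.headers.get("Server"), body)

if __name__ == "__main__":
    print(find_banners("nginx/1.4.2", NGINX_404))
    print(find_banners("Apache/2.2.8 (Ubuntu)", APACHE_404))
    # A custom error page alone does not help if the header still carries the version.
    print(find_banners("Apache/2.2.8 (Ubuntu)", "<h1>Page not found</h1>"))
    # status, banners = probe("http://www.yourwebsite.com")  # live check of your site
```

An empty list from find_banners means neither the error page nor the Server header revealed a product version.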

Gabriel Torres is a Brazilian best-selling ICT expert, with 24 books published. He started his online career in 1996, when he launched Clube do Hardware, which is one of the oldest and largest websites about technology in Brazil. He created Hardware Secrets in 1999 to expand his knowledge outside his home country.