Vulnerability Development: Re: apache and 404/404 status codes

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: apache and 404/404 status codes

From: 11a () GMX NET (Bluefish)
Date: Sat, 8 Jul 2000 15:06:07 +0200

Error codes can be mapped as follows (in conf or .htaccess files if
FileInfo override permission has been granted):
ErrorDocument 404 /Lame_excuses/not_found.html
ErrorDocument 403 /Lame_excuses/not_found.html


Correct me if I'm wrong, but this won't help, since if you look
at the HTTP response headers, it'll still say HTTP/403 and
HTTP/404, respectively.

Apache gives a 302 directing the browser to the page, in either case.


Warning! This is wrong!

If you give a local path, it does NOT send a 404/403 message (if you
happen to use Microsoft Explorer it's really simple to check, 302's result
in the error message being showed, 403/404 get a Microsoft stupid
message[tm])

However!
ErrorDocument 404 http://test.com/Lame_excuses/not_found.html
ErrorDocument 403 http://test.com/Lame_excuses/not_found.html

Will do the trick. (it becomes a 302)

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

By Date By Thread

Current thread:

(no subject), (continued)