Apache redirects in case of http errors - apache

We have a web application. The backend is an Apache Web Server (Version 2.2).
As described in the following document
https://httpd.apache.org/docs/2.4/custom-error.html
we have configured an ErrorDocument for 404 which redirects to a cgi program.
ErrorDocument 404 /cgi-bin/log_false_request.pl
In the program "log_false_request" we write the ip address, the user-agent and
the original URL (request uri) of the request to a log file.
When an http error 500 happens and the request is a post, it would also be
interesting to have the post body.
Does apache also redirect the response body in case of a post request?
Thanks a lot in advance.
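An added example, not part of the original question and not the poster's script: a Python stand-in for a handler like log_false_request that records the IP address, user agent and original URL from the REDIRECT_* variables Apache sets for a local ErrorDocument, escaping client-controlled values so a crafted User-Agent cannot forge extra log records. LOG_PATH, MAX_LEN and the sample environment are assumptions made for illustration.

```python
import os
import re
import sys
from datetime import datetime, timezone

# Set by Apache for the ErrorDocument handler; REDIRECT_* describe the failed request.
FIELDS = ("REMOTE_ADDR", "REDIRECT_STATUS", "REDIRECT_REQUEST_METHOD",
          "REDIRECT_URL", "REDIRECT_QUERY_STRING", "HTTP_USER_AGENT")
MAX_LEN = 512                                  # per-field cap (assumed limit)
LOG_PATH = "/var/log/httpd/false_request.log"  # hypothetical path
_UNSAFE = re.compile(r'[^\x20-\x7e]|["\\]')    # control bytes, non-ASCII, quote, backslash

def neutralize(value):
    """Write every unsafe character as \\xNN so a client-supplied CR/LF
    cannot start a forged log record."""
    def esc(match):
        raw = match.group(0).encode("utf-8", "surrogateescape")
        return "".join("\\x%02x" % b for b in raw)
    return _UNSAFE.sub(esc, value[:MAX_LEN])

def format_log_line(environ, now=None):
    """Build one single-line key="value" record from the CGI environment."""
    now = now or datetime.now(timezone.utc)
    parts = [now.strftime("%Y-%m-%dT%H:%M:%SZ")]
    for name in FIELDS:
        parts.append('%s="%s"' % (name.lower(), neutralize(environ.get(name, "-"))))
    return " ".join(parts)

def response_headers(environ):
    """Echo the original error status so the client still sees the 4xx/5xx."""
    status = environ.get("REDIRECT_STATUS", "")
    if not re.fullmatch(r"[45][0-9]{2}", status):
        status = "404"
    return "Status: %s\r\nContent-Type: text/plain\r\n\r\n" % status

# Constructed sample: the User-Agent tries to append a second, fake record.
SAMPLE_ENV = {
    "REMOTE_ADDR": "203.0.113.7", "REDIRECT_STATUS": "404",
    "REDIRECT_REQUEST_METHOD": "GET", "REDIRECT_URL": "/admin/\"x",
    "HTTP_USER_AGENT": "curl/8\r\n2024-01-01T00:00:00Z remote_addr=\"10.0.0.1\"",
}

if __name__ == "__main__":  # CGI entry point
    with open(LOG_PATH, "a", encoding="ascii") as log:
        log.write(format_log_line(os.environ) + "\n")
    sys.stdout.write(response_headers(os.environ) + "Request failed.\r\n")
```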

Related

domain shows 403 Forbidden in browser console

I have configured my domain and SSL on an AWS EC2 instance. When I enter the domain in the browser, the Amazon test page loads successfully, but the browser console shows the error below:
Request URL: https://xxxxx.com/
Request Method: GET
Status Code: 403 Forbidden
Remote Address: xx.xx.xx.xx:443
Referrer Policy: no-referrer-when-downgrade
Even when I test my domain in tools like "pingdom", it also displays "403 Forbidden" as the response code.
Can anyone provide a solution to fix the "403 Forbidden" issue?
This means your web server's (apache, nginx) HTTPS directory is different from the HTTP one.
Forbidden probably means you don't have an index page in the www folder, for example index.html. Usually there is a welcome page for the HTTP port in the default configuration, but not for HTTPS.

Apache server status codes

Is there a way, on an Apache server, to make a specified page send code 404 to the browser?
I work on an application where, if you tap a URL that is not recognised, the application sends code 302 and makes a redirect instead of a page error.html, which sends code 200, which is normal because it is a page which exists.
I need to modify the code for page error.html in 404 from httpd.conf.
Can you help me please?
I've tried with ErrorDocument 404 /error, but the application does not send 404, it sends 302. I need to rewrite this 302 in 404.
Create an error page 404.html in the httpd DocumentRoot.
Add ErrorDocument 404 /404.html in httpd.conf.
Restart Apache and access a page that does not exist.

How to keep URI in the browser using ErrorDocument in .htaccess?

I have a simple 404 error redirect in the .htaccess to my script like this:
ErrorDocument 404 https://example.com/error.pl?q=404
But on the redirect the address is changed in the address bar of the browser to this https://example.com/error.pl?q=404 from the wrong address (from which the redirect is performed).
How to keep the initial address in the browser address bar while redirecting to the custom error page?
Your kind help is highly appreciated!
Use link without domain name:
ErrorDocument 404 /error.pl?q=404
Note that when you specify an ErrorDocument that points to a remote
URL (ie. anything with a method such as http in front of it), Apache
HTTP Server will send a redirect to the client to tell it where to
find the document, even if the document ends up being on the same
server. This has several implications, the most important being that
the client will not receive the original error status code, but
instead will receive a redirect status code. This in turn can confuse
web robots and other clients which try to determine if a URL is valid
using the status code.
https://httpd.apache.org/docs/2.4/en/mod/core.html#errordocument

Redirection on Apache (Maintain POST params)

I have Apache installed on my server and I need to redirect from http to https. The reason for this is that our load balancer solution cannot handle https, so requests come in on http and then we transfer them to https using the lines below in the httpd.conf file.
<VirtualHost 10.1.2.91:80>
Redirect 302 /GladQE/link https://glad-test.com/GladQE/link.do
</VirtualHost>
This works fine for GET requests but POST requests will lose the parameters passed on the URL. What would be the easiest way to perform this redirect and maintain POST params?
I need to get from http://glad-test.com/GladQE/link.do to here https://glad-test.com/GladQE/link.do maintaining POST params
Thanks
Tom
You can try the HTTP status code 307; an RFC-compliant browser should repeat the POST request.
Reference: http://en.wikipedia.org/wiki/List_of_HTTP_status_codes
In contrast to how 302 was historically implemented, the request
method is not allowed to be changed when reissuing the original
request. For instance, a POST request should be repeated using another
POST request.
To change from 302 to 307, do this:
<VirtualHost 10.1.2.91:80>
Redirect 307 /GladQE/link https://glad-test.com/GladQE/link.do
</VirtualHost>
Standard Apache redirects will not be able to handle POST data as they work on the URL level. POST data is passed in the body of the request, which gets dropped if you do a standard redirect.
You have the option of either using a PHP script to transparently forward the POST request, or using a combination of the Rewrite (mod_rewrite) and Proxy (mod_proxy) modules for Apache, as follows:
RewriteEngine On
RewriteRule /proxy/(.*)$ http://www.example.com/$1 [P,L]
The P flag passes the request to the Proxy module, so anything that comes to your site (via GET or POST, it doesn't matter) with a URL path starting with /proxy/ will transparently be handled as a proxy redirect to http://www.example.com/.
For the reference:
http://httpd.apache.org/docs/current/mod/mod_rewrite.html
http://httpd.apache.org/docs/current/mod/mod_proxy.html
Either your public-facing website MUST use SSL to protect confidentiality, or there is no sensitive data ever passing through it and no possibility that your site will ever be used as a launchboard for sslstripping (there's a very good reason why Google serves up search results over HTTPS).
If you are not encrypting traffic between the browser and your site, then why are you trying to encrypt it between your load balancer and your webserver? If you do happen to have SSL termination outside the load balancer (a very silly approach), then using HTTPS between the load balancer and the webserver is far from efficient. The question also implies lots of other security problems, like session fixation/sniffing and SSLStripping vulnerabilities.
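An added example, not from any of the posts above: a small Python check over httpd configuration text that flags the two pitfalls described in the ErrorDocument answer (a remote URL replaces the error status with a redirect) and in the 302/307 answers (redirect statuses after which clients may reissue a POST as GET), plus redirects to https issued from a port-80 virtual host, where the first request has already arrived unencrypted. The finding names and the ":80 means plain HTTP" rule are assumptions of this sketch.

```python
import re

# Statuses after which clients may (301/302) or must (303) reissue a POST as GET.
METHOD_CHANGING = {"301", "302", "303", "permanent", "temp", "seeother"}
_ABSOLUTE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)
_VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]*)>", re.IGNORECASE)
_VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.IGNORECASE)

def audit(config_text):
    """Return (line_number, finding) tuples for ErrorDocument/Redirect lines."""
    findings, plain_http = [], False
    for lineno, line in enumerate(config_text.splitlines(), 1):
        opened = _VHOST_OPEN.match(line)
        if opened:
            # Treat a vhost bound to port 80 as plain HTTP (simplifying assumption).
            plain_http = any(a.endswith(":80") for a in opened.group(1).split())
        if _VHOST_CLOSE.match(line):
            plain_http = False
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        name, args = words[0].lower(), [w.strip('"') for w in words[1:]]
        if name == "errordocument" and len(args) >= 2 and _ABSOLUTE.match(args[1]):
            # Client receives a redirect status instead of the 4xx/5xx.
            findings.append((lineno, "errordocument-remote-url"))
        elif name == "redirect" and len(args) >= 2:
            # Syntax: Redirect [status] URL-path URL; the status defaults to 302.
            status = "302" if args[0].startswith("/") else args[0].lower()
            if status in METHOD_CHANGING:
                findings.append((lineno, "redirect-may-drop-post-body"))
            if plain_http and args[-1].lower().startswith("https://"):
                # Even with 307/308 the first POST already crossed unencrypted.
                findings.append((lineno, "post-body-crosses-plain-http"))
    return findings

# Constructed sample assembled from the directives quoted on this page.
SAMPLE_CONFIG = """\
ErrorDocument 404 https://example.com/error.pl?q=404
ErrorDocument 404 /error.pl?q=404
<VirtualHost 10.1.2.91:80>
Redirect 302 /GladQE/link https://glad-test.com/GladQE/link.do
Redirect 307 /GladQE/link https://glad-test.com/GladQE/link.do
</VirtualHost>
"""

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE_CONFIG):
        print("line %d: %s" % (lineno, finding))
```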

Stop Apache injecting its own 404 Not Found page into the custom 404 error page

I'm having a problem implementing custom 404 error pages. My setup is a front-end Apache 2.2.6 that proxies requests other than static files to the backend app server (Apache 1.3.36).
I send a 404 header back along with the error page when a user requests a non-existing page from the backend server. I do get the error page back, but somehow the backend Apache server injects its own 404 Not Found page into the error page as well.
Here is what is injected into the not found page by Apache:
Not Found
The requested URL /product/8jd4776 was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/1.3.36 Server at www.example.com Port 8888
Any idea why this is happening?
Setting "ProxyErrorOverride On" with ErrorDocument in the front-end Apache server solves the problem.
The content length of your custom 404 message must be 512 bytes or more.