
You can redirect a 403 (Forbidden) response to 404 (Not Found).

Why?

A 403 (Forbidden) response is a clue that the path is correct and that you don't have permission to access it. This confirms that the file or folder exists and that it is restricted.

Thus, a 403 (Forbidden) response lets a hacker learn more about your file system structure and leaves room for security vulnerabilities.

Solution:

There are many ways to achieve this; the example below uses mod_rewrite.

1. Enable the mod_rewrite.so module in the httpd.conf of your Apache/IBM HTTP Server

LoadModule rewrite_module modules/mod_rewrite.so

2. Turn on RewriteEngine and write a RewriteRule

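RewriteEngine On
# Internally rewrite /test and /test/ to /404 (assumes nothing exists at /404),
# so the server answers 404 (Not Found) instead of 403 (Forbidden).
# A second rule ^/test?$ is not needed: it would also match /tes.
RewriteRule ^/test/?$ /404 [L]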

Note: test is your Alias/Directory; requests for it will be forwarded to a 404 (Not Found) response. The pattern matches only /test and /test/ themselves, not paths below them.

3. Restart Apache/IBM HTTP Server
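
To confirm after the restart that the restricted path can no longer be told apart from a missing one, here is an added check (not part of the original post). The function names and the `<PATH>` masking are assumptions of this example; the base URL and the protected path are supplied on the command line.

```python
import sys
import urllib.error
import urllib.request
import uuid


def fetch(base_url, path, timeout=5):
    """Return (status, body) for GET base_url + path, without raising on 4xx/5xx."""
    try:
        with urllib.request.urlopen(base_url + path, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def _mask(body, path):
    # An error page may echo the requested path; mask it so that the echo
    # alone is not reported as a difference.
    return body.replace(path, "<PATH>")


def compare(protected, baseline):
    """Compare two (path, status, body) tuples and return a list of differences."""
    (p_path, p_status, p_body), (b_path, b_status, b_body) = protected, baseline
    diffs = []
    if p_status != b_status:
        diffs.append(f"status {p_status} vs {b_status}")
    if _mask(p_body, p_path) != _mask(b_body, b_path):
        diffs.append("body differs")
    return diffs


def check(base_url, protected_path):
    """Fetch the protected path and a random path assumed not to exist, then compare."""
    missing = "/" + uuid.uuid4().hex  # constructed path, assumed absent on the server
    protected = (protected_path, *fetch(base_url, protected_path))
    baseline = (missing, *fetch(base_url, missing))
    return compare(protected, baseline)


if __name__ == "__main__":
    # Usage: python check_403.py http://localhost /test
    found = check(sys.argv[1].rstrip("/"), sys.argv[2])
    print("indistinguishable" if not found else "leaks: " + ", ".join(found))
```

An empty result means the protected path and the missing path returned the same status and the same body once the echoed path is masked.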

Let me know how it goes.
