Additional menu

Redirecting to 404 from 403

Redirecting to 404 from 403

Geek Flare Blog post is sponsored by Netsparker Web Application Security Scanner.

Redirect 403 HTTP status return code to 404

Why?

403 (forbidden) HTTP status code gives a clue about a correct path, and you don’t have permission to access. This confirms file/folder exist and it’s restricted.

Thus, 403 allow the hacker to know more about your file system structure and room for security vulnerabilities.

It’s a good idea to redirect 403 return code to 404 (not found), so there is no room for a guess. This is often asked to implement in payment industry or transactional application production system.

There are multiple ways to get this done and following I’ve explained doing in Apache HTTP, Nginx.

Note: take a backup of necessary configuration file before modifying. And if possible, test in non-production first.

Redirection in Apache HTTP

We will use ErrorDocument directive to achieve this

  • Create a file at DocumentRoot level which will be served at 404
  • Let’s name the file 404
  • Add the following in httpd.conf file
ErrorDocument 403 /404

Above, I am instructing Apache to serve /404 file whenever 403 occurred

  • Save the configuration file and restart Apache to test it

Nginx

Let’s use error_page directive to get this done

  • Create a file name called 404.html
  • Add the following in server section under nginx configuration file
error_page 404 /404.html;
error_page 403 =404 /404.html;

Above, in the first line, Nginx will serve /404.html whenever file not found and the second line, /404.html will be served whenever requested resources return 403.

I hope this helps you. Check out this course if interested in learning about web security hacking and penetration testing.

Reader Interactions

Chandan Kumar
About Chandan
Chandan Kumar is the founder of Geek Flare. Learn more here and connect with him on Twitter.

Leave a Reply

Your email address will not be published. Required fields are marked *

13 Shares
Share
Tweet
Stumble
Share