Redirect 403 HTTP status return code to 404
A 403 (Forbidden) HTTP status code tells the client that the path is correct but that they don't have permission to access it. This confirms that the file or folder exists and is restricted.
Thus, a 403 allows a hacker to learn more about your file system structure and where to look for security vulnerabilities.
It's a good idea to redirect the 403 return code to 404 (Not Found), so there is no room for guessing. This is often requested for production systems in the payment industry and for transactional applications.
There are multiple ways to get this done; below I explain how to do it in Apache HTTP and Nginx.
Note: take a backup of the necessary configuration file before modifying it. And if possible, test in non-production first.
In Apache, we will use the ErrorDocument directive to achieve this.
- Create a file at the DocumentRoot level, which will be served as the 404 page
- Let's name the file 404
- Add the following in the httpd.conf file
ErrorDocument 403 /404
Above, I am instructing Apache to serve the /404 file whenever a 403 occurs.
- Save the configuration file and restart Apache to test it
In Nginx, we will use the error_page directive to get this done.
- Create a file called 404.html
- Add the following in the server section of the Nginx configuration file
error_page 404 /404.html;
error_page 403 =404 /404.html;
Above, the first line makes Nginx serve /404.html whenever a file is not found, and the second line serves /404.html with a 404 status whenever the requested resource returns 403.
You can use the Custom Error Pages plugin, which allows you to set up a custom page for the 401 and 403 status codes.
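To test whichever method you use, the following added example (not from the original article) fetches one restricted path and one nonexistent path on your own server and reports anything that lets a client tell them apart. It compares the status code as well as the body, because Apache's ErrorDocument with a local path replaces the body but keeps the original status code. The function names, example URL and paths, and the constructed sample responses are assumptions of this example.

```python
"""Check that a restricted path and a missing path look identical to a client."""
import sys
import urllib.error
import urllib.request


def fetch(url, timeout=5):
    """Return (status, body); HTTP error statuses are results, not exceptions."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def differences(restricted, missing):
    """Compare two (status, body) pairs; an empty list means the 403 is masked."""
    findings = []
    if restricted[0] != 404:
        findings.append(f"restricted path returns {restricted[0]}, expected 404")
    if missing[0] != 404:
        findings.append(f"missing path returns {missing[0]}, expected 404")
    if restricted[1] != missing[1]:
        findings.append("response bodies differ")
    return findings


def check(base_url, restricted_path, missing_path):
    """Fetch both paths from your own server and compare the responses."""
    base = base_url.rstrip("/")
    return differences(fetch(base + restricted_path), fetch(base + missing_path))


# Constructed sample responses (not captured from a real server).
SAMPLE_BODY_ONLY = ((403, b"<h1>Not Found</h1>"), (404, b"<h1>Not Found</h1>"))
SAMPLE_MASKED = ((404, b"<h1>Not Found</h1>"), (404, b"<h1>Not Found</h1>"))

if __name__ == "__main__":
    if len(sys.argv) == 4:
        # e.g. check.py https://staging.example.com /private/ /no-such-path-8f3a
        problems = check(*sys.argv[1:4])
    else:
        problems = differences(*SAMPLE_BODY_ONLY)  # offline demo on sample data
    for problem in problems:
        print("FAIL:", problem)
    sys.exit(1 if problems else 0)
```

An exit code of 0 means both paths returned 404 with identical bodies; run it against the non-production server first, as noted above.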
I hope this helps you. If you are interested in learning Web Security then I would suggest checking out this course.