How to set a default message for a invalid URL when using Apache/Tomcat ?

Document ID : KB000016628
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

If an environment is using Apache / Tomcat and any URL that can be appended with displayable text by end user or an attacker, then a possibility of an attack exists. For example the displayed extraneous text could direct a user to go to rogue website. Hence, any attempt to alter an error message when hitting a production URL should be thwarted with a product specific error message. 

Question:

How to set a default error message for an invalid URL when using Apache/Tomcat ? 

Environment:
Production
Answer:

Find the file “error/HTTP_NOT_FOUND.html.var” on your Apache Webserver and alter the contents to display the message of your choice. Here is an example where following error message should be displayed if the URL is incorrect.

 

Error Text to display

“The requested URL was not found on this server. The link seems to be wrong or outdated.  Please inform the author about the error.  If you entered the URL manually please check your spelling and try again”

================ content of the changed file follows==========

Content-language: en

Content-type: text/html; charset=ISO-8859-1

Body:----------en--

<!--#set var="TITLE" value="Object not found!"

--><!--#include virtual="include/top.html" -->

    The requested URL was not found on this server.

  <!--#if expr="$HTTP_REFERER" -->

    The link seems to be wrong or outdated.  Please inform the author about the error.

  <!--#else -->

    If you entered the URL manually please check your

    spelling and try again.

 

  <!--#endif -->

 

<!--#include virtual="include/bottom.html" -->

================ End of content to be changed file follows==========

 

Additional Information:

None.