Wednesday, 10 August 2016

Overiding backend service error page when using apache proxypass config

Most of the apps that I have supported before are large enterprise grade apps that use stand alone content management software and a large team of content authoring and publishing.
Most of the time those guys take care of every content related staff like site version notes and error pages.

I came across a smaller project this week and I was asked to handle the errors coming out of the application for security reasons.
The application was hosted by tomcat and had apache infront of it to do proxy pass work and Shibboleth authentication.

Tomcat default error page is is very basic yet give a way a lot of info about the tomcat version your application runs, thus it is a good idea to hid it if possible.

Simplist way to do this is from apache using the ProxyErrorOverride set to on as seen below:


ProxyPass "/" "http://backend_tomcat_host:8080/"
ProxyPassReverse "/" "http://backend_tomcat_host:8080/"

ProxyErrorOverride On
ErrorDocument 500 "Internal Server Error"
ErrorDocument 404 "The Requested URI is not found "
ErrorDocument 503 "Service Not found"
ErrorDocument 403 "Forbidden"

The above will offer the user the most basic error pages possible and will hid all the Tomcat details.
More complex Error pages can be used by replacing the above simple text with a URI of an html error page.

For apache 2.2.x the full documentation is available at: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxyerroroverride


No comments:

Post a Comment