Redirect 403 HTTP standing return code to 404
Why?
403 (forbidden) HTTP standing code hints a couple of appropriate path and you aren’t allowed to entry it. This confirms that the file/folder exists and is restricted.
Thus, 403 permits the hacker to be taught extra about your file system construction and room for safety vulnerabilities.
It is a good suggestion to redirect the 403 return code to 404 (not discovered) so there is not any room for guessing. That is usually requested to implement within the cost business or transactional utility manufacturing system.
There are a number of methods to get this finished and beneath I defined tips on how to do in Apache HTTP, Nginx.
Notice: Again up the required configuration file earlier than making any modifications. And if doable, check in non-production first.
Apache HTTP
We are going to use ErrorDocument guideline to attain this
- Create a file
DocumentRootdegree served at 404 - Let’s title the file 404
- Add the next to the httpd.conf file
ErrorDocument 403 /404
Above I instruct Apache to show the /404 file at any time when 403 occurred
- Save the configuration file and restart Apache to check it
Nginx
Let’s use error_page guideline to attain this
- Create a file title known as 404.html
- Add the next
serverpart underneath Nginx configuration file
error_page 404 /404.html; error_page 403 =404 /404.html;
Above, within the first line, Nginx will show /404.html when the file shouldn’t be discovered and the second line, /404.html will show when requested assets return 403.
WordPress
You should utilize the Customized Error Pages plugin which lets you set a customized web page for 401 and 403 standing code.
I hope this helps you. In case you are occupied with studying internet safety, I like to recommend taking this course.