I am working on a spring boot project and it has a custom error page that is called when a user hits some unauthorized url. For example https://www.example.com/some-unknown-parameter. If user hits this kind of urls then will display custom error page like 404.jsp. Project is deployed in the directory /home/tomcat/webapps/project-folder-name but still I can see error logs of unauthorized access. So can I prevent those thing with my custom error page to serve on apache web server?
This is in error log:
[Fri Jul 15 00:59:38 2022] [error] [client 5.189.184.6] (70007)The timeout specified has expired: proxy: error reading status line from remote server localhost
[Fri Jul 15 00:59:38 2022] [error] [client 5.189.184.6] proxy: Error reading from remote server returned by /api/getlocationbyname
[Fri Jul 15 00:59:40 2022] [error] [client 207.46.13.172] (70007)The timeout specified has expired: proxy: error reading status line from remote server localhost
[Fri Jul 15 00:59:40 2022] [error] [client 207.46.13.172] proxy: Error reading from remote server returned by /glossily236141.html
[Fri Jul 15 00:59:41 2022] [error] [client 207.46.13.172] (70007)The timeout specified has expired: proxy: error reading status line from remote server localhost
[Fri Jul 15 00:59:41 2022] [error] [client 207.46.13.172] proxy: Error reading from remote server returned by /conversative1342515.html
[Fri Jul 15 00:59:41 2022] [error] [client 40.77.167.55] (70007)The timeout specified has expired: proxy: error reading status line from remote server localhost
[Fri Jul 15 00:59:41 2022] [error] [client 40.77.167.55] proxy: Error reading from remote server returned by /adenopodous708908.html
[Fri Jul 15 00:59:42 2022] [error] [client 5.189.184.6] (70007)The timeout specified has expired: proxy: error reading status line from remote server localhost
[Fri Jul 15 00:59:42 2022] [error] [client 5.189.184.6] proxy: Error reading from remote server returned by /api/getlocationbyname
[Fri Jul 15 00:59:42 2022] [error] [client 40.77.167.55] (70007)The timeout specified has expired: proxy: error reading status line from remote server localhost
[Fri Jul 15 00:59:42 2022] [error] [client 40.77.167.55] proxy: Error reading from remote server returned by /ijma609349.html
[Fri Jul 15 00:59:46 2022] [error] [client 207.46.13.27] (70007)The timeout specified has expired: proxy: error reading status line from remote server localhost
[Fri Jul 15 00:59:46 2022] [error] [client 207.46.13.27] proxy: Error reading from remote server returned by /beechdrops1036359.html
[Fri Jul 15 00:59:47 2022] [error] [client 157.55.39.48] (70007)The timeout specified has expired: proxy: error reading status line from remote server localhost
[Fri Jul 15 00:59:47 2022] [error] [client 157.55.39.48] proxy: Error reading from remote server returned by /Katsuwonidae366254.html
[Fri Jul 15 00:59:48 2022] [error] [client 40.77.167.27] (70007)The timeout specified has expired: proxy: error reading status line from remote server localhost
[Fri Jul 15 00:59:48 2022] [error] [client 40.77.167.27] proxy: Error reading from remote server returned by /Mauri1154134.html
ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.nflfreight.com"] [uri "/page-not-found"] [unique_id "YtE7@n8AAAEAASpF0sMAAAA2"]
and this is my access log:
[15/Jul/2022:03:13:45 -0700] "GET /pigeonholer982881.html HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
[15/Jul/2022:03:13:46 -0700] "GET /consignify360642.html HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)"
[15/Jul/2022:03:13:48 -0700] "GET /api/getlocationbyname?apikey=a1nm2o55l5&name=pennsylvania%2C+usa HTTP/1.1" 200 792 "-" "Java/1.7.0_261"
[15/Jul/2022:03:13:51 -0700] "GET /lithangiuria917426.html HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
[15/Jul/2022:03:13:51 -0700] "GET /benzofuryl168017.html HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; SemrushBot/7~bl; +http://www.semrush.com/bot.html)"
[15/Jul/2022:03:13:52 -0700] "GET /dags809769.html HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
[15/Jul/2022:03:13:52 -0700] "GET /cervix263475.html HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
[15/Jul/2022:03:13:53 -0700] "GET /Kyung321293.html HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; SemrushBot/7~bl; +http://www.semrush.com/bot.html)"
[15/Jul/2022:03:13:53 -0700] "GET /benzofuryl831917.html HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
Is there something that I can serve with my custom error page that I have built in application. If not, then what is the alternative solution to prevent this unwanted access? Please help me on to solve this.
