1

I'm using Apache as a Proxy to our internal Glassfish server and want to hide as much information about the software we're using as I can.

In Apache I configured a very simple 404 ErrorDocument on the server level:

ErrorDocument 404 "Page not found"

This works, but it doesn't seem to work for 405 (method not allowed):

ErrorDocument 405 "Method not allowed"

When I open an URL in my browser for a servlet which only talks POST, not GET, I get Glassfish' 405 page instead of my custom message. I've tried hiding the information on the Glassfish side and on the Apache side, but it doesn't seem to work.

Any thoughts?

Davio
  • 113
  • 1
  • 4

1 Answers1

1

Try the ProxyErrorOverride directive

ProxyErrorOverride On

It should display the Apache error page instead of the one from the application server.

Gerald Schneider
  • 19,757
  • 8
  • 52
  • 79
  • Exactly what I was looking for, thanks! Sometimes a small config flag makes all the difference. – Davio Sep 18 '15 at 11:23
  • Btw if you ever upgrade to Apache 2.4, then be aware that there's a bug for this, fixed in 2.4.11 which makes it very slow. See here for details: http://stackoverflow.com/questions/22043437/apache-2-4-proxyerroroverride-makes-404-requests-very-slow – Barry Pollard Sep 19 '15 at 19:37