How to test a 503 custom error page. - linux

A rather strange question:
How can I test a custom 503 error page without restarting the service.
(Struts application on tomcat with apache front loading)
"What I really want is some how SIMULATE that the tomcat crashed, and apache as the front end will grab the error page, and redirect to the custom error page"

You could create a Servlet which you exclude from production builds. This Servlet examines a parameter (e.g. errorCode) and sets it using the HTTP Servlet Response object: javax/servlet/http/HttpServletResponse.html#sendError(int, java.lang.String).
Then you are able to test all kinds of error codes, e.g.:
http://myapp.com/webapp/errorServlet?503
Not nice, but should work... if you want to unit test your Apache Web Server only you could create a separate WAR file (depends on your test scope).

Have you tried to use curl?
curl -H http://your/path/to/503page

Related

Information Disclosue issue in Wildfly and Apache Web Server

We are working in an environment where UI Requests flow to a WildFly Server (where the WAR is deployed) versioned 10.1.0 via an Apache Web Server versioned 2.4
We were running Security tests and when using a VirtualDirContext, it was possible to bypass the security constraints and view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request via Burp.
How we reproduce the vulnerability in Burp:
We capture a random Request via the UI and replicate it in Burp.
We turn the Request into a GET Request, mention the path of a JSP file and add %2520 to it.
This issue is reproducible even if the Requests go directly to the WildFly Server instead of via the Apache Web Server.
Is there a way to prevent this vulnerability? We believe validating each Request for the presence of %2520 in it in the Filter layer may not be a comprehensive fix.
In simple words, when we use a URL that contains the path of a JSP file present in the code, appended with %2520, the content of the JSP was disclosed. Is there a way to prevent this?

Custom page for HTTP 404 page URL in Jenkins

My Jenkins is running on https://myhost:9043 using the standalone war on Linux with the below command.
java -jar jenkins.war
However, when I try the following URL for say https://myhost:9043/<any random text> the resource uri is obviously not found.
The problem, however, is I get output in the browser as
HTTP 404 error URI not found Powered by Jetty://9.4.27.vXXXX
I wish not to reveal the Jetty version.
Is there a way to display a custom error page for incorrect URIs thus avoiding revealing the Jetty version? If not, can I somehow hide the Jetty version from being displayed to anonymous users?
I'm not a pure java programmer but just a DevOps admin.
You can override the Jetty version with adding to your command line -Djetty.version=NOTHING
Otherwise I created the issue https://issues.jenkins-ci.org/browse/JENKINS-62890 to have a custom error page from users

Apache error instead of varnish error

I configured varnish for my client .Now my client want to see apache error instead of varnish backend fetch failed in browser .Is there any option available varnish 4.
Alas, there is no option to do so.
You either pipe the requests to see everything from backend (bypassing Varnish), or you have default behaviour of 503 Backend fetch failed on errors from backend.
You can use VCL to serve the apache error page. By default Varnish, on error, will serve its preconfigured error page.
In vcl_backend_response detect if Apache is erroring, if that's the case, retunr(deliver) to serve the Apache error page.
If you share you VCL I can have a look at it.

How to configure lighttpd display custom 500 error page?

When my php works not correctly, server sends 500 error to browser by default. I want to see my custom error page. I tried to use servererror-file prefix, but not work with 500 error.
In lighttpd 1.4.46 (not yet released), you can choose to intercept errors from dynamic handlers using server.error-intercept = "enable". See https://redmine.lighttpd.net/issues/974
However, a better solution is to trap the errors in your PHP script and issue an appropriate error page, rather than crashing.

problem using a custom 404 page in IIS

I have a web site with a child directory set up as an application. I set up the application to use a custom 404 page. When I navigate to the url and put in a non existent page I get the following error message. Any other asp page in the application works fine. There isn't even any script in the 404 page... just plain html so I'm not sure what is causing this. I've tried creating an application pool specifically for this application but that didn't help. Thanks.
Error message: The specified request cannot be executed from current Application Pool
Try to create a registry key with the name IgnoreAppPoolForCustomErrors (type DWORD, value 1) in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\
See http://blogs.msdn.com/rakkimk/archive/2006/09/01/735684.aspx or http://www.yanghengfei.com/show-131-1.html for more information - seems to be a not so uncommon problem.

Resources