Fortinet 467 FortiWeb 5.0 Patch 6 Administration Guide
See also
Configuring a server policy
Viewing auto-learning reports
Uploading a custom error page
Error pages can be displayed when a client violates a policy where the Action is Alert & Deny in
its protection profile. Because error pages from the web server frequently mention the web
server version and application stack, such as this one from Apache (server information
disclosure highlighted in red):
Not Found
The requested URL /dne was not found on this server.
Apache/2.2.3 (Red Hat) Server at wiki.example.com Port 80
or this one from WebSphere (server and source code information disclosure highlighted in red):
JSP Processing Error
HTTP Error Code: 404
this can be used for fingerprinting before an attack, you can craft a generic page that refers
anyone who receives the page by accident to simply contact a network administrator.
Error Message: JSPG0036E: Failed to find resource
/fr/investissement/accueil.jsp
Root Cause: java.io.FileNotFoundException: JSPG0036E: Failed to
find resource /fr/investissement/accueil.jsp
at
com.ibm.ws.jsp.webcontainerext.AbstractJSPExtensionPro
cessor.findWrapper(AbstractJSPExtensionProcessor.java:
395)
at
com.ibm.ws.jsp.webcontainerext.AbstractJSPExtensionPro
cessor.handleRequest(AbstractJSPExtensionProcessor.jav
a:349)
at
com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(We
bApp.java:3933)
(output abbreviated)
at
com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.ru
n(WorkQueueManager.java:1069)
at
com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:
1604)