l0b0

Asked: 2015-07-18 05:27:42 +0800 CST2015-07-18 05:27:42 +0800 CST 2015-07-18 05:27:42 +0800 CST

How to avoid leaking the existence of local API in Apache httpd?

I'm building an API which will only be accessible to local services by using Require local in the <Location> directive. How can I make this return a 404 rather than 403 status code when accessed from a remote address? That way I can hide the fact that there is a service at the requested location.

I'd rather preserve the semantics of Require local than use mod_rewrite.

1 Answers

Voted

l0b0
2015-07-18T05:42:51+08:002015-07-18T05:42:51+08:00
Turns out this isn't too difficult:

ErrorDocument 403 /unauthorized_remote_access Redirect 404 /unauthorized_remote_access
0

How to avoid leaking the existence of local API in Apache httpd?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?