To hide a restricted location, e.g.
location /secret/ {
allow 10.0.0.0/24;
deny all;
}
one could set
error_page 403 =404 /404.html;
error_page 404 /404.html;
to make impossible to distinguish a non-existing location (404) from a restricted one (403).
Is there a way to perform a similar spoof for subdomains?
I want https://admin.example.org/, which normally returns 403 if not visited via VPN, to show the same of https://nonexistingsubdomain.example.org/, e.g. a .html page with a redirect to https://example.org/.