You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Marc <Ma...@f1-outsourcing.eu> on 2023/09/15 15:24:45 UTC
[users@httpd] where to change this "internal server error message"
Where/how can I change this message?
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>
<p>Please contact the server administrator at
xxx to inform them of the time this error occurred,
and the actions you performed just before this error.</p>
<p>More information about this error may be available
in the server error log.</p>
</body></html>
or as a work-a-round, how can refuse access with modsecurity and just generate a 200 blank page response.
SecRule REQUEST_HEADERS:User-Agent "blockthisua" "id:'13006',phase:2,log,deny,status:200"
Re: [users@httpd] where to change this "internal server error message"
Posted by Frank Gingras <th...@apache.org>.
So we're likely dealing with mod_security overriding the response. I
haven't tinkered with that module in some time to give you a definitive
answer.
On Fri, Sep 15, 2023 at 11:49 AM Marc <Ma...@f1-outsourcing.eu> wrote:
> >
> > What is returning the 500 response here? Is php/python/perl involved?
>
> No, I think this mod_security is generating this
>
> > As for the scrapers, you are absolutely wasting your time customizing the
> > response. I would just return a 403, actually.
>
> I think you might be right. I did not expect to waste so much time on
> trying to just send an 'empty' body.
>
> >
> >
> > > See the ErrorDocument directive.
> >
> > It does not seem to work. It looks like this config is skipped and
> > the error is loaded directly from the httpd binary.
> >
> > ErrorDocument 500 /406.html
> >
> > > Now, why is that response not suitable? And why would you respond
> > with a
> > > 200 for a blocked user agent?
> >
> > I think it is better to return to scrapers 200 and empty content,
> > instead of notifying them so they can reconfigure their systems.
> >
> > >
> > >
> > > Where/how can I change this message?
> > >
> > > <p>The server encountered an internal error or
> > > misconfiguration and was unable to complete
> > > your request.</p>
> > > <p>Please contact the server administrator at
> > > xxx to inform them of the time this error occurred,
> > > and the actions you performed just before this error.</p>
> > > <p>More information about this error may be available
> > > in the server error log.</p>
> > > </body></html>
> > >
> > > or as a work-a-round, how can refuse access with
> modsecurity
> > and just
> > > generate a 200 blank page response.
> > >
> > > SecRule REQUEST_HEADERS:User-Agent "blockthisua"
> > > "id:'13006',phase:2,log,deny,status:200"
> > >
> >
> >
>
>
RE: [users@httpd] where to change this "internal server error message"
Posted by Marc <Ma...@f1-outsourcing.eu>.
>
> What is returning the 500 response here? Is php/python/perl involved?
No, I think this mod_security is generating this
> As for the scrapers, you are absolutely wasting your time customizing the
> response. I would just return a 403, actually.
I think you might be right. I did not expect to waste so much time on trying to just send an 'empty' body.
>
>
> > See the ErrorDocument directive.
>
> It does not seem to work. It looks like this config is skipped and
> the error is loaded directly from the httpd binary.
>
> ErrorDocument 500 /406.html
>
> > Now, why is that response not suitable? And why would you respond
> with a
> > 200 for a blocked user agent?
>
> I think it is better to return to scrapers 200 and empty content,
> instead of notifying them so they can reconfigure their systems.
>
> >
> >
> > Where/how can I change this message?
> >
> > <p>The server encountered an internal error or
> > misconfiguration and was unable to complete
> > your request.</p>
> > <p>Please contact the server administrator at
> > xxx to inform them of the time this error occurred,
> > and the actions you performed just before this error.</p>
> > <p>More information about this error may be available
> > in the server error log.</p>
> > </body></html>
> >
> > or as a work-a-round, how can refuse access with modsecurity
> and just
> > generate a 200 blank page response.
> >
> > SecRule REQUEST_HEADERS:User-Agent "blockthisua"
> > "id:'13006',phase:2,log,deny,status:200"
> >
>
>
Re: [users@httpd] where to change this "internal server error message"
Posted by Frank Gingras <th...@apache.org>.
What is returning the 500 response here? Is php/python/perl involved?
As for the scrapers, you are absolutely wasting your time customizing the
response. I would just return a 403, actually.
On Fri, Sep 15, 2023 at 11:37 AM Marc <Ma...@f1-outsourcing.eu> wrote:
>
> > See the ErrorDocument directive.
>
> It does not seem to work. It looks like this config is skipped and the
> error is loaded directly from the httpd binary.
>
> ErrorDocument 500 /406.html
>
> > Now, why is that response not suitable? And why would you respond with a
> > 200 for a blocked user agent?
>
> I think it is better to return to scrapers 200 and empty content, instead
> of notifying them so they can reconfigure their systems.
>
> >
> >
> > Where/how can I change this message?
> >
> > <p>The server encountered an internal error or
> > misconfiguration and was unable to complete
> > your request.</p>
> > <p>Please contact the server administrator at
> > xxx to inform them of the time this error occurred,
> > and the actions you performed just before this error.</p>
> > <p>More information about this error may be available
> > in the server error log.</p>
> > </body></html>
> >
> > or as a work-a-round, how can refuse access with modsecurity and
> just
> > generate a 200 blank page response.
> >
> > SecRule REQUEST_HEADERS:User-Agent "blockthisua"
> > "id:'13006',phase:2,log,deny,status:200"
> >
>
>
RE: [users@httpd] where to change this "internal server error message"
Posted by Marc <Ma...@f1-outsourcing.eu>.
> See the ErrorDocument directive.
It does not seem to work. It looks like this config is skipped and the error is loaded directly from the httpd binary.
ErrorDocument 500 /406.html
> Now, why is that response not suitable? And why would you respond with a
> 200 for a blocked user agent?
I think it is better to return to scrapers 200 and empty content, instead of notifying them so they can reconfigure their systems.
>
>
> Where/how can I change this message?
>
> <p>The server encountered an internal error or
> misconfiguration and was unable to complete
> your request.</p>
> <p>Please contact the server administrator at
> xxx to inform them of the time this error occurred,
> and the actions you performed just before this error.</p>
> <p>More information about this error may be available
> in the server error log.</p>
> </body></html>
>
> or as a work-a-round, how can refuse access with modsecurity and just
> generate a 200 blank page response.
>
> SecRule REQUEST_HEADERS:User-Agent "blockthisua"
> "id:'13006',phase:2,log,deny,status:200"
>
Re: [users@httpd] where to change this "internal server error message"
Posted by Frank Gingras <th...@apache.org>.
See the ErrorDocument directive.
Now, why is that response not suitable? And why would you respond with a
200 for a blocked user agent?
On Fri, Sep 15, 2023 at 11:26 AM Marc <Ma...@f1-outsourcing.eu> wrote:
> Where/how can I change this message?
>
> <p>The server encountered an internal error or
> misconfiguration and was unable to complete
> your request.</p>
> <p>Please contact the server administrator at
> xxx to inform them of the time this error occurred,
> and the actions you performed just before this error.</p>
> <p>More information about this error may be available
> in the server error log.</p>
> </body></html>
>
> or as a work-a-round, how can refuse access with modsecurity and just
> generate a 200 blank page response.
>
> SecRule REQUEST_HEADERS:User-Agent "blockthisua"
> "id:'13006',phase:2,log,deny,status:200"
>