Content spoofing in error pages

Given the path below, the Sophos Web Application Firewall is returning a not-found error, but it displays the requested resource on the page, which opens up the ability to spoof the content with a malicious message. You can see the message in the URL and screenshot below. Is there any way to change the message on the page to remove the URL that is printed to the page?

sitename.com//hack-me.com was not found. Please go to www.hackme.com or contact the admin at hack@me.com. The requested URL

  • Hi Steve and welcome to the UTM Community!

    I don't understand your question.

    Cheers - Bob
    PS Moving this thread to the Web Server Security forum.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    Thank you for moving to an appropriate board if this is the correct place.

    Sophos is detecting a disallowed character and displaying an error page. I want to customize what is being shown on that error page because currently it prints the URL onto the error pages which itself introduces a vulnerability if you put a string in the URL that says something like "Contact your administrator at admin@hackme.com".

    Steve

  • It's still not clear, Steve, if the issue is with Web Filtering or Webserver Protection. Please show a line from the logs related to this message.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • The webserver protection is correctly blocking the request. The problem is that when it blocks the request it shows an Apache 404 page. On this page it prints the URL that it blocked. I need to change it so that the error page does not print the URL. Essentially I just want to customize the error page.
