Changing Default Web Server Error Pages

When application servers are not available to accept requests, the web server plug-in for the back-end application server (for example, Oracle HTTP Server plug-in for Oracle WebLogic Server) returns a default error page that displays plug-in build information. Web servers display their default error page on other occasions as well. Attackers can use this information to find known vulnerabilities from public web sites.

Customize the error pages (of web application server plug-in and web server) so that they do not contain information about production system components; for example, server version, server type, plug-in build date, and plug-in type. Consult your application server and web server vendor documentation for more information.