What can I do here?
Use this window to configure the web server's level of error concealment.
Getting Here - Object Explorer > New > Host > Servers > Select Web Server > Web Server > Protections > Error Concealment > Advanced |
Detection of HTTP Response Status Codes
Web servers place a status code in the header of the HTTP Response. Some codes indicate a valid response, such as 200 OK
. The 4XX and 5XX codes on the other hand indicate an error status. Some of the 4XX and 5XX codes could reveal unnecessary information.
If these error codes are detected in the HTTP Response, this protection conceals the response. You can configure which of these HTTP Response codes will be concealed.
Configure Detection of Application engines
Web application engines generate error messages. If the application engine is properly configured, these error messages are masked by the Web server, which will generate an HTTP Response with an error status code. However, if the Web server is incorrectly configured, it may display detailed error information that a remote attacker could use to tailor an attack. These error messages are characteristic to each application engine.