Print Download Documentation Send Feedback

Previous

Next

Error Concealment

What can I do here?

Use this window to configure the web server's level of error concealment.

Getting Here

Getting Here - Object Explorer > New > Host > Servers > Select Web Server > Web Server > Protections > Error Concealment > Advanced

Detection of Status Codes and Application Engines

Detection of HTTP Response Status Codes

Web servers place a status code in the header of the HTTP Response. Some codes indicate a valid response, such as 200 OK. The 4XX and 5XX codes on the other hand indicate an error status. Some of the 4XX and 5XX codes could reveal unnecessary information.

If these error codes are detected in the HTTP Response, this protection conceals the response. You can configure which of these HTTP Response codes will be concealed.

Configure Detection of Application engines

Web application engines generate error messages. If the application engine is properly configured, these error messages are masked by the Web server, which will generate an HTTP Response with an error status code. However, if the Web server is incorrectly configured, it may display detailed error information that a remote attacker could use to tailor an attack. These error messages are characteristic to each application engine.

Error Concealment Options