
Content spoofing in error pages

Given the path below, the Sophos Web Application Firewall is returning a not-found error, but it displays the requested resource on the page, which opens up the ability to spoof the content with a malicious message. You can see the message in the URL and screenshot below. Is there any way to change the message on the page to remove the URL that is printed to the page?

sitename.com//hack-me.com was not found. Please go to www.hackme.com or contact the admin at hack@me.com. The requested URL
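The failure mode described in this post, an error page that echoes the request path so that the path itself can carry a forged notice, as an added Python example that is not from the thread or from Sophos. The handler names, the sample path and the detection heuristic are constructed for illustration; it also shows why HTML-escaping alone does not close this class of issue, since the forged text is plain prose, not markup.

```python
"""Error-page content spoofing: vulnerable, half-fixed and hardened 404 handlers."""
import html
import re
import uuid
from urllib.parse import unquote

# Constructed sample request path, modelled on the message quoted in the thread:
# the "path" is really an English sentence aimed at whoever reads the error page.
SPOOFED_PATH = ("//hack-me.com was not found. Please go to www.hackme.com "
                "or contact the admin at hack@me.com")


def reflecting_not_found(path: str) -> str:
    """Vulnerable: echoes the raw request path into the error text."""
    return f"The requested URL {path} was not found."


def escaping_not_found(path: str) -> str:
    """Still vulnerable to content spoofing: html.escape() stops markup and script
    injection, but the forged sentence contains no markup and survives unchanged."""
    return f"The requested URL {html.escape(path)} was not found."


def hardened_not_found(path: str, request_id: str = "") -> str:
    """Hardened: a fixed message that never renders attacker-controlled text.
    The offending path belongs in the server-side log, keyed by a reference the
    user can quote to support."""
    ref = request_id or uuid.uuid4().hex[:12]
    # record_server_side(ref, path)  # hypothetical logging hook, not implemented here
    return f"The requested resource was not found. Reference: {ref}"


# Markers that a request path carries prose rather than a resource name:
# whitespace (after percent-decoding) or an e-mail address.
_PROSE_MARKERS = (
    re.compile(r"\s"),
    re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
)


def path_carries_text(path: str) -> bool:
    """Heuristic for triaging WAF log lines: a path that decodes to something with
    spaces or an e-mail address in it is a social-engineering payload, not a file."""
    decoded = unquote(path)
    return any(marker.search(decoded) for marker in _PROSE_MARKERS)


def body_reflects_path(body: str, path: str) -> bool:
    """Check an error page body for the reflected request path, raw or HTML-escaped.
    Useful as a quick regression test against a custom error page."""
    return path in body or html.escape(path) in body


if __name__ == "__main__":
    for handler in (reflecting_not_found, escaping_not_found, hardened_not_found):
        body = handler(SPOOFED_PATH)
        print(f"{handler.__name__:>22}: reflected={body_reflects_path(body, SPOOFED_PATH)}")
    print("payload in path:", path_carries_text(SPOOFED_PATH))
```

The check to run against a real deployment is the last one: request a path like the constructed one above and confirm the response body does not contain it, in either raw or escaped form.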

  • Hi Steve and welcome to the UTM Community!

    I don't understand your question.

    Cheers - Bob
    PS Moving this thread to the Web Server Security forum.

  • Hi Bob,

    Thank you for moving to an appropriate board if this is the correct place.

    Sophos is detecting a disallowed character and displaying an error page. I want to customize what is being shown on that error page because, currently, it prints the URL onto the error page, which itself introduces a vulnerability if you put a string in the URL that says something like "Contact your administrator at admin@hackme.com".

    Steve

  • It's still not clear, Steve, if the issue is with Web Filtering or Webserver Protection. Please show a line from the logs related to this message.

    Cheers - Bob
