Error pages generated by back-end applications may leak internal information about a system's setup and configuration (e.g. platform, system paths, stack traces, or deployed frameworks). Such information is valuable for potential attackers. To prevent information leakage, Airlock Microgateway supports the replacement of error pages generated by back-ends.
Depending on the HTTP status code of a back-end response, predefined error pages can be delivered to the client. If error_page_replacements
is not configured, no pages are replaced.
By default, the following error pages can be used for an error page replacement:
400.html 401.html 403.html 404.html 500.html 502.html 503.html maintenance.html
By default error page replacement is disabled. The DSL example illustrates how to enable it.