Replacement of back-end error pages

Error pages generated by back-end applications may leak internal information about a system's setup and configuration (e.g. platform, system paths, stack traces, or deployed frameworks). Such information is valuable for potential attackers. To prevent information leakage, Airlock Microgateway supports the replacement of error pages generated by back-ends.

Depending on the HTTP status code of a back-end response, predefined error pages can be delivered to the client. If error_page_replacements is not configured, no pages are replaced.

By default, the following error pages can be used for an error page replacement:

400.html
401.html
403.html
404.html
500.html
502.html
503.html
maintenance.html

By default error page replacement is disabled. The DSL example illustrates how to enable it.

DSL example

The error page replacement can be configured with the following DSL example:

apps: 
  - mappings: 
      - name: test
        ...
        response: 
          error_page_replacements: 
            - status_code: 
                pattern: ^401$ 
                page: 401.html 
            - status_code: 
                pattern: ^403$ 
                page: 403.html 
            - status_code: 
                pattern: ^404$ 
                page: 404.html 
            - status_code: 
                pattern: ^4(?!01|03|04)..$ 
                page: 400.html 
            - status_code: 
                pattern: ^502$ 
                page: 502.html 
            - status_code: 
                pattern: ^503$ 
                page: 503.html 
            - status_code: 
                pattern: ^5(?!02|03)..$ 
                page: 500.html

Replacement using custom error pages

If custom error pages should be used for the replacement, configure them as described in Custom error pages.