Thursday, September 11, 2014

CentOS: Create a Blank file or redirect the default Apache Welcome Page

When managing or hosting a CentOS box, Apache will show the CentOS welcome page. This page contains information you likely don’t want people to have, so things like the fact that you’re running Apache on CentOS. While these things can also show up in the headers, you want to remove the default page in the event someone hits the website from the IP address only or if they use a domain that resolves to the box, but there is no directory setup for that domain.



Quite a few of the online discussion forums and even the notes on the welcome screen suggest that you should visit the file at /etc/httpd/conf.d/welcome.conf on CentOS.

If you cat the file you’ll likely see something like this:

# This configuration file enables the default "Welcome"# page if there is no default index page present for# the root URL. To disable the Welcome page, comment# out all the lines below.                                                                       
<LocationMatch "^/+$">
    Options -Indexes
    ErrorDocument 403 /error/noindex.html
</LocationMatch>

Their suggestion is to comment out the lines. By doing so, you’re not presenting the visitor with a blank page, but rather a different error message. To edit the file you’ll need to be logged in as root (su -) or be a member of sudoers and use sudo.

Use the editor of your choice. I’m using emacs myself, but vi will also work. So my command looks like:

emacs /etc/httpd/conf.d/welcome.conf

So if I comment out those lines with # comment tags and save the file, then nothing happens.

#<LocationMatch "^/+$">
# Options -Indexes
#ErrorDocument 403 /error/noindex.html
#</LocationMatch>

This is because changes to configuration files in Apache require a server restart. No need to restart the box, just the Apache server; as root:

service httpd restart

You should see something similar to the following:




When you visit the page showing the welcome page before, now you’ll see a Forbidden error. This still lets savvy users know that you’re running Apache.


For me this wasn’t enough, so I took it a step further.

Since I don’t want anyone to see anything, I created a file in /var/www/error called noerror.php. Assuming you’re running PHP on your box you can do this with something like touch, so :

touch /var/www/error/noerror.php
If you want the page to blank, then you’re done with the file at this point. If you're not running PHP but only want the blank page you can call it noerror.html

For the Redirect
If you want the file to redirect somewhere else you can edit the contents to do something like this:

<?php header('Location: http://www.somedomain.com'); ?>

If you wanted this to be a permanent redirect you can add the 301 redirect declaration heard above the header line. Note if you permanently redirect you will have to flush your cache to access a directory that delivered a 403 Forbidden error.

header("HTTP/1.1 301 Moved Permanently");
header("Location: http://www.somedomain.com");


Set appropriate permissions on the file for your setup.

Edit the welcome.conf file again. (Usually you can press the up arrow on your keyboard to cycle through.)

Uncomment the lines suggested by the comments. So you should be back to this.

<LocationMatch "^/+$">
    Options -Indexes
    ErrorDocument 403 /error/noindex.html
</LocationMatch>

Change the ErrorDocument path to /error/noerror.php, so the contents should look like this:

<LocationMatch "^/+$">
    Options -Indexes
    ErrorDocument 403 /error/noerror.php
</LocationMatch>

Save the file. Restart the webserver again. Now instead of seeing the Welcome Screen you should see the domain from the redirect.

Hope this helps someone.


Note: If you don’t have an index file in the server you’re redirecting to it might create an endless loop.

No comments:

Post a Comment

I'm going to read this before it goes live if you don't mind.