This tutorial we show that you can change the custom error message page to ModSecurity. Typically, you get 403 or 406 Response code when ModSecurity block access to website.
Apache configuration
In apache configuration files (Depend your OS & Configuration)
includes / errordocument.conf
ErrorDocument 403 /403.shtml
Add extra row to 406 error page:
ErrorDocument 406 /406.shtml
Modsecurity SecDefaultAction
Setup ModSecurity Default action to 406 in ModSecurity configuration file:
SecDefaultAction "phase:1,deny,log,status:406" SecDefaultAction "phase:2,deny,log,status:406"
Apache 406.shtml
Now you can create custom 406.shtml file in apache root directory /var/www/html/406.shtml what you want.
Restart apache
Remember restart apache:
# apache2ctl graceful
Final Words
If you don’t wanna build own rules, you can use Malware Expert – ModSecurity rules to protect your web server vulnerabilities and attacks.