Custom ModSecurity Error message in apache

This tutorial we show that you can change the custom error message page to ModSecurity. Typically, you get 403 or 406 Response code when ModSecurity block access to website.

Apache configuration

In apache configuration files (Depend your OS & Configuration)

includes / errordocument.conf

ErrorDocument 403 /403.shtml

Add extra row to 406 error page:

ErrorDocument 406 /406.shtml

Modsecurity SecDefaultAction

Setup ModSecurity Default action to 406 in ModSecurity configuration file:

SecDefaultAction "phase:1,deny,log,status:406"
SecDefaultAction "phase:2,deny,log,status:406"

Apache 406.shtml

Now you can create custom 406.shtml file in apache root directory /var/www/html/406.shtml what you want.

Restart apache

Remember restart apache:

# apache2ctl graceful

Final Words

If you don’t wanna build own rules, you can use Malware Expert – ModSecurity rules to protect your web server vulnerabilities and attacks.