Looking at the Mahara installation guide https://wiki.mahara.org/wiki/System_Administrator's_Guide/Installing_Mahara#Apache_Configuration we could add some ErrorDocument lines to that <virtualHost> info and give instructions on how to set that up to point to relating *.php files (eg errors/404.php) in Mahara so they can be served maybe.
And then include a bunch of error php files in mahara that can be served, maybe? -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1626315 Title: Wishlist: Apache-compatible 404 error response page Status in Mahara: Confirmed Bug description: Due to receiving a few security reports about it, we've recently re- styled the 404 response pages for most of the Mahara project sites. The reports we received pointed out that the default Apache 404 response page prints the url-decoded (but still html-escaped) query portion of the URL on the page. This could result in attackers printing arbitrary text onto the page, with spaces and such, which conceivably could be part of a phishing attack. To keep thing simple, we replaced it with a static empty page that doesn't include any details about the requested query. However, ideally we'd want to print out a page more like Google's 404 page: 1. Styled in the site's theme 2. Contains the requested URL, but in a way that clearly sets it apart (i.e., url-encoded so that spaces are transformed into %20, and possibly truncated if it's quite long.) 3. Maybe translated as well. We could achieve this by shipping a PHP script with Mahara, which a Mahara site admin could then configure their Apache server to use for its 404 error document, via this directive: ErrorDocument 404 /errors/404.php We might also provide a "sample.htaccess" file, sitting at the top level of the project (outside the htdocs directory) to show people how to set this up. (We used to include a .htaccess file in Mahara's htdocs by default, but this could cause crashes if people were using different servers or different versions of Apache). To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1626315/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
