Map server error messages to custom error messages - PingIntelligence for APIs

Map server error messages to custom error messages - PingIntelligence for APIs - 4.4

PingIntelligence

bundle

pingintelligence-44

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 4.4

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-44

pingintelligence

private

ContentType_ce

Page created: 6 Nov 2020 |

Page updated: 12 May 2021

| 1 min read

4.4 Capability API Security Advanced API Cybersecurity Linux On-Premises Operating System Hosting Environment PingIntelligence for APIs Product Administration User task Security Manager Audience Configuration

Backend server error messages (for example, Java stack trace) can reveal internal information to hackers. ASE supports hiding the internal details and only sending a customized simple error message. The error message mappings are defined in /config/server_error.json file.

For each custom HTTP error code, specify all three parameters in server_error.json. For example, the snippet of server_error.json shows parameters for mapping error codes 500 and 503.

{
 "server_error": [
 {
 "error_code" : "500",
 "error_def" : "Internal Server Error", 
 "msg_body" : "Contact Your Administrator" 
 },
 {
 "error_code" : "503",
 "error_def" : "Service Unavailable",
 "msg_body" : "Service Temporarily Unavailable"
 } 
 ] 
}

In the above example, an ASE which receives an error 500 or 503 message from the application replaces the message with a custom name error_def and message msg_body as defined in the server_error.json file.

To send the original error message from the backend server, do not include the associated error code in the server_error.json file. An empty server_error.json file as shown below will not translate any backend error messages.

{
 "server_error": [
 ]
}

Note: ASE checks for the presence of the server_error.json file. If this file is not available, ASE will not start.