Backend server error messages (for example, a Java stack trace) can reveal internal information to hackers. ASE supports hiding the internal details and sending only a simple, customized error message. The error message mappings are defined in the /config/server_error.json file.
For each custom HTTP error code, specify all three parameters in server_error.json. For example, the following snippet of server_error.json shows the parameters for mapping error codes 500 and 503.
{
  "server_error": [
    {
      "error_code" : "500",
      "error_def" : "Internal Server Error",
      "msg_body" : "Contact Your Administrator"
    },
    {
      "error_code" : "503",
      "error_def" : "Service Unavailable",
      "msg_body" : "Service Temporarily Unavailable"
    }
  ]
}
In the above example, an ASE that receives an error 500 or 503 message from the application replaces the message with the custom name error_def and the message msg_body, as defined in the server_error.json file.
To send the original error message from the backend server, do not include the associated error code in the server_error.json file. An empty server_error.json file as shown below will not translate any backend error messages.
{
  "server_error": [
  ]
}
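The following check is an added example, not part of ASE or its documentation: it lints a server_error.json for entries that lack any of the three parameters and models the mapping rule described above, so you can see which backend error codes would still reach the client unmodified. The function names, the duplicate-code check, and the sample data are assumptions made for illustration; the page does not state how ASE itself treats an incomplete entry, so the sketch only reports it.

```python
import json

REQUIRED = ("error_code", "error_def", "msg_body")

# Constructed sample: the 503 entry is deliberately missing msg_body.
SAMPLE_CONFIG = """
{"server_error": [
  {"error_code": "500", "error_def": "Internal Server Error",
   "msg_body": "Contact Your Administrator"},
  {"error_code": "503", "error_def": "Service Unavailable"}
]}
"""
# Constructed backend response body containing a Java stack trace.
SAMPLE_TRACE = "java.lang.NullPointerException\n\tat com.example.Orders.get(Orders.java:42)"

def load_mappings(text):
    """Parse server_error.json text and return (mappings, problems)."""
    data = json.loads(text)
    entries = data.get("server_error") if isinstance(data, dict) else None
    if not isinstance(entries, list):
        return {}, ['top-level "server_error" must be a list']
    mappings, problems = {}, []
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            problems.append(f"entry {i}: not a JSON object")
            continue
        missing = [k for k in REQUIRED if not str(entry.get(k, "")).strip()]
        if missing:
            problems.append(f"entry {i}: missing {', '.join(missing)}")
            continue
        code = str(entry["error_code"]).strip()
        if not (code.isdigit() and len(code) == 3):
            problems.append(f"entry {i}: error_code {code!r} is not a 3-digit status")
        elif code in mappings:  # assumption: a repeated code is an authoring mistake
            problems.append(f"entry {i}: error_code {code} listed twice")
        else:
            mappings[code] = (entry["error_def"], entry["msg_body"])
    return mappings, problems

def client_view(mappings, status, backend_body):
    """Model of the documented rule: listed codes are rewritten, others pass through."""
    if str(status) in mappings:
        error_def, msg_body = mappings[str(status)]
        return f"{status} {error_def}", msg_body
    return str(status), backend_body

if __name__ == "__main__":
    mappings, problems = load_mappings(SAMPLE_CONFIG)
    print("problems:", problems)
    for status in (500, 404):
        print(status, "->", client_view(mappings, status, SAMPLE_TRACE))
```

Running it against the file before deployment shows at a glance which error codes have no complete mapping and would therefore return the backend's original message.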