Goal
- Inform users of the error encountered and of the server’s continuing operation.
- Inform users that the problem isn't caused by their connectivity.
Implementation
Modify the web server configuration to send the user to a customised page when the requested resource does not exist
If the main server configuration is not directly accessible and if the environment allows it, use a local configuration by directory. For example, the Apache environment authorises the creation of an .htaccess
file containing directives relating to error handling: ErrorDocument 404 /mapage.html
.
Control
From any URL address of the site checked:
- Modify the URL address to obtain a 404 error, for example, by adding a series of random characters at the end of the address such as: https://www.example.com/dbvdjb
- Check that the page returned corresponds to a customised page, consistent with the rest of the site, and not to the 404 page sent by default by the server (Apache, IIS, Nginx);
- In the case of using a CMS, the latter may lead you to believe that it does not return the 404 page by default, so you will have to perform the same check via the URL address of an image, CSS or JS file to definitively validate this best practice.
Discover Opquast training and certification
The objective of these rules and the Opquast community mission is ‘making the web better’ for your customers and for everyone! Opquast rules cover the key major areas of risk that can negatively affect website users such as privacy, ecodesign, accessibility and security.
Opquast training has already allowed over 19,000 web professionals to have their skills certified. Train your teams, contact us
We offer a 1 hour free discovery module.