- Reassure users that they are still on the same website.
- Allow the webmaster to provide guidance to your users.
- Inform users of the error encountered and of the server’s continuing operation.
- Inform users that the problem isn't caused by their connectivity.
Modify the web server configuration to send the user to a customised page when access to the requested resource is not allowed.
If the main server configuration is not directly accessible and the environment allows it, use a per-directory configuration. For example, Apache allows the creation of an .htaccess file containing error-handling directives:
ErrorDocument 403 /mapage.html
For each audited site:
- Obtain a 403 error page. To do so, you can remove the last part of the URL of one of the site's images, keeping only the directory names present between the slashes of that address, for example: https://www.example.com/img/. The page displayed should then be a 403 error page.
- Check that the page returned does not correspond to the 403 page returned by default by the server (Apache, IIS, Nginx) but to a custom error page, with graphics that are consistent with the website in general.
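The check above can be partly automated. The following Python script is an added example, not part of the original checklist: it derives the directory URL from an image URL, requests it, and reports whether the 403 body looks like a stock Apache, Nginx or IIS page. The fingerprint patterns, function names and sample bodies are assumptions constructed for illustration.

```python
import re
import urllib.error
import urllib.request
from urllib.parse import urlsplit, urlunsplit

# Assumed fingerprints of stock 403 bodies; extend for the servers you audit.
DEFAULT_PATTERNS = {
    "apache": re.compile(r"<h1>Forbidden</h1>\s*<p>You don't have permission to access", re.I),
    "nginx": re.compile(r"<center><h1>403 Forbidden</h1></center>\s*<hr><center>nginx", re.I),
    "iis": re.compile(r"403 - Forbidden: Access is denied", re.I),
}

# Constructed sample bodies (not captured from a real site).
SAMPLES = {
    "apache": "<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n"
              "<p>You don't have permission to access this resource.</p>\n</body></html>",
    "nginx": "<html>\n<body>\n<center><h1>403 Forbidden</h1></center>\n"
             "<hr><center>nginx</center>\n</body>\n</html>",
    "custom": "<html><body><header>Example Shop</header><h1>Access denied</h1>"
              "<p>The site is working normally. <a href='/'>Back to home</a></p></body></html>",
}

def directory_url(image_url):
    """Drop the file name and query, keeping only the directory path."""
    parts = urlsplit(image_url)
    return urlunsplit((parts.scheme, parts.netloc, parts.path.rsplit("/", 1)[0] + "/", "", ""))

def classify_403(status, body):
    """Return 'not-403', 'default:<server>' or 'custom'."""
    if status != 403:
        return "not-403"
    for server, pattern in DEFAULT_PATTERNS.items():
        if pattern.search(body):
            return "default:" + server
    return "custom"

def audit(image_url, timeout=10):
    """Fetch the directory URL of an image and classify the answer (needs network)."""
    try:
        with urllib.request.urlopen(directory_url(image_url), timeout=timeout) as resp:
            status, body = resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx responses
        status, body = err.code, err.read().decode("utf-8", "replace")
    return classify_403(status, body)

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, "->", classify_403(403, body))
```

A "custom" result only means the body matches none of the known default pages; whether its graphics are consistent with the rest of the site still has to be checked by eye.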