How can I edit the default 404 page?
-
I'm running CE 2.7.2 and I'm getting dinged by Tenable scans for Tenable plugin 106374. The detection report says the nginx server is using the default 404 page. What directory is this located in so I may tweak it ever so slightly?
-
This : NGINX default error page ?
These warning (40x) and error (50x) pages can be 'user' designed if you run a public website.
But for a router firewall local WebGUI ? The only one having access is the admin, a real network pro, who isn't doing things that shouldn't be done. The pfSense GUI can't be compared to a public web site.
Normally, and this is neither nor and not , only the LAN interface should be accessed by the admin devices, and other devices if the admin trusts these devices.
All the other devices : that's why a LAN2 or OPT2 exists. On OPT2, the 'public' (the plugins, whatever) can't have access to the pfSense GUI.
A plan B could be : firewall rules on the LAN interface that allow webGUI access (port 443 and 80 TCP) to a limited set of the LAN network IPs.
edit : forgot about plan Z :
The nginx config file is created by pfSense before it starts.
So edit the pfSense file that creates this nginx config file, and add your own 'page 40x' details ^^
-
The description states it could leak server information. Determine if it does leak server information, then determine if that information is useful server information for a hacker.
Once you have the facts make the team reporting it as a problem defend their position. The result of that conversation should point you down the correct path. Either blocking access to the WebUI or a note that the finding is acceptable with or without risk.
One should always remember "Best Practice" is an excellent starting point, but it is not always the ending point.
-
You guys are applying logic to this issue, that's not how this particular game is played. We are currently engaged in the biggest fight we can have about the way vuls are handled (because the current system is "silly"), but in the meantime if I can make a one liner change and make this finding go away, that's what makes my life the easiest.
@Gertjan said in How can I edit the default 404 page?:
edit : forgot about plan Z :
The nginx config file is created by pfSense before it starts.
So edit the pfSense file that creates this nginx config file, and add your own 'page 40x' details ^^
If you could point me to where that is, I'd appreciate the help.
EDIT: nevermind, my manager wants me to file the exception.
-
@GeorgePatches said in How can I edit the default 404 page?:
If you could point me to where that is, I'd appreciate the help.
I'll show you how to find the way to find the file :
I presume you have some ideas about where the nginx config file is located, as it is the same as any other device out there that contains a web server :
/var/etc/nginx-webConfigurator.conf
That file is full of unique words = perfect grep-food, pick one of them. I chose 'fastcgi_intercept_errors'.
Now, the sledgehammer solution to locate the file you're looking for : check /etc/ and /usr/ :
[24.03-RELEASE][root@pfSense.bhf.tld]/etc: grep -R 'fastcgi_intercept_errors' *
inc/system.inc: $intercept_errors = "\t\t\tfastcgi_intercept_errors on;\n";
In /usr/ you'll find :
Binary file local/sbin/nginx matches
local/share/vim/vimfiles/syntax/nginx.vim:syn keyword ngxDirective contained fastcgi_intercept_errors
which also contain the word 'fastcgi_intercept_errors' for reasons I don't need to explain ^^
So /etc/inc/system.inc is your candidate.
You'll find the function system_generate_nginx_config() where the nginx config file is built.
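
A follow-up check for the question raised earlier in the thread (does the default page actually leak server information), as an added example that is not part of any post above: it audits an nginx config for a custom 404 `error_page` and for `server_tokens off`. The helper name `check_nginx_error_pages` is hypothetical and the sample config is constructed; only the file paths in the comments come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit an nginx config for the two
# settings that decide what a built-in error page reveals.
# check_nginx_error_pages is a hypothetical helper name.
# Returns 0 = no findings, 1 = findings printed, 2 = file unreadable.
check_nginx_error_pages() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable: $conf"; return 2; }
    # Drop comments so a commented-out directive does not count.
    body=$(sed 's/#.*$//' "$conf")
    findings=0
    # error_page may list several codes before the URI: "error_page 403 404 /x;"
    if ! printf '%s\n' "$body" |
        grep -Eq '^[[:space:]]*error_page[[:space:]]+([0-9]+[[:space:]]+)*404[[:space:]]'; then
        echo "no error_page for 404: nginx serves its built-in 404 page"
        findings=1
    fi
    if ! printf '%s\n' "$body" |
        grep -Eq '^[[:space:]]*server_tokens[[:space:]]+off[[:space:]]*;'; then
        echo "server_tokens not off: version shown in error pages and Server header"
        findings=1
    fi
    return "$findings"
}

# Constructed sample config; on pfSense the real file named in the thread is
# /var/etc/nginx-webConfigurator.conf (generated from /etc/inc/system.inc).
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443 ssl;
    # error_page 404 /404.html;
    fastcgi_intercept_errors on;
}
EOF
check_nginx_error_pages "$sample" || true
rm -f "$sample"
```

Run it against the generated config after each pfSense upgrade, since a regenerated file will drop any change that was made only to the output and not to the generator.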