Short version: We'd like Apache to catch when a 500 status is given and return something like 404 instead. Is there a way to do this?
Longer version: These servers are running applications that aren't ours, and they recently failed a PCI compliance scan because of the 500 status errors they can throw if you mess with the Host. In the long run we'll move them to a different network so they don't need to be PCI compliant, but in the short run we'd like a quick fix and just not show the 500 status that the applications return. Both applications this is happening with accept their requests through Apache.
I am hoping/assuming this would be a mod_rewrite rule, but don't know to make mod_rewrite change based on status code.
Best Answer
If I understand correctly, you want to catch the 500 error status in the logs while presenting a regular error looking page to your customers and scanners.
Some web shops do this to "hide" the more serious errors on their website from attackers. A page which generates a 500 error status may be a good target in a DOS attack. Scan the site to find the page which generates a 500 server error, hammer away at those pages, trigger the bad code over and over wait for the the database to melt-down underneath.
You can present custom error pages using
ErrorDocument 500 yourerrorpage.htmlhttp://httpd.apache.org/docs/2.2/custom-error.html