To prevent Apache to not to display these information to the world, we need to make some changes in Apache main configuration file.
ServerSignature Off
ServerTokens Prod
A Web site's error pages are often set to show detailed error information for troubleshooting purposes. However, to prevent unauthorized users from viewing privileged information, you should make sure that detailed error pages will not be seen by remote users.
To prevent IIS7 hijacking your error pages, set existingResponse="PassThrough" in your httpErrors section in your web.config file. For example:
<configuration>
<system.webServer>
<httpErrors existingResponse="PassThrough" />
</system.webServer>
</configuration>
To set the custom errors error mode to DetailedLocalOnly or Custom
To prevent information leakage by using custom error pages, apply the following changes to your web.config file from HTTP responses.
<System.Web>
<httpRuntime enableVersionHeader="false" />
<customErrors mode="On" defaultRedirect="~/error/GeneralError.aspx">
<error statusCode="403" redirect="~/error/Forbidden.aspx" />
<error statusCode="404" redirect="~/error/PageNotFound.aspx" />
<error statusCode="500" redirect="~/error/InternalError.aspx" />
</customErrors>
</System.Web>
Using a configuration where the webapp is deployed into the Tomcat ROOT context and assuming you have a custom error 500 and 404 page already developed, you would add the following to your ROOT web applications's web.xml configuration, which is typically located in $CATALINA_HOME/webapps/ROOT/:
<error-page>
<error-code>500</error-code>
<location>/errors/500.html</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/errors/404.html</location>
</error-page>