in Resources

Implement Custom Error Pages in Apache and Nginx: An In-Depth Guide

As a fellow technology geek, I completely understand the importance of having branded, informative error pages instead of boring default ones. Based on my experience as a web developer and system admin, I wanted to provide an in-depth guide to implementing custom error pages in Apache and Nginx.

There‘s so much more we can do to enhance the user experience and security when errors and downtime occur. My goal with this comprehensive article is to equip you with all the knowledge to customize your error pages like a pro!

Why Custom Error Pages are Essential

Before we dive into the implementation details, I want to share some compelling statistics that highlight why custom error pages are so valuable:

  • 40% of people will leave a website after encountering a single error page [1]

  • 90% of users do not report encountering an error page to webmasters [2]

  • Default Apache and Nginx error pages reveal sensitive technology details that attackers can exploit

  • Custom error pages have been shown to reduce bounce rates by up to 60% by encouraging site exploration [3]

It‘s clear that putting thought into your error pages can dramatically improve user experience. Let‘s look at some specific benefits:

Improved Branding and User Experience

Having branded error pages that match the rest of your website‘s look and feel is vital for professionalism. You can craft friendly messages and provide helpful information to aid users.

For example, on a custom 404 page, include popular site links or a search bar they can use to find relevant content instead of leaving.

Enhanced Security

Default Apache and Nginx error pages reveal the server technology and sometimes full stack traces. This exposes sensitive backend details attackers can take advantage of.

Custom error pages let you reveal minimal technical information and links to your security team.

Better for SEO

Search engines will index thin, unoptimized default error pages if you allow it. Custom pages with useful content prevent this and enhance your site‘s rankings.

Increased User Retention

When a user hits a 404 or 500 error, they are very likely to leave your site immediately. Custom pages with navigation and search features increase the chances of them finding another relevant section of your site to explore.

Step-by-Step Guide to Custom Error Pages

Now that we‘ve looked at the benefits, let‘s dig into how to actually implement custom error pages in Apache and Nginx.

Custom Error Pages in Apache

The easiest method is using the ErrorDocument directive in the httpd.conf file:

  1. Login to your Apache server and open the httpd.conf file. Always backup before editing!

  2. Add ErrorDocument directives for each error code you want to handle:

ErrorDocument 404 /errors/not-found.html
ErrorDocument 403 /errors/forbidden.html 
ErrorDocument 500 /errors/server-error.html
  1. Restart Apache for changes to take effect.

Now when a 404, 403, 500 error occurs, your custom page will be served!

You can also redirect to a URL:

ErrorDocument 503 http://example.com/unavailable

Some other common HTTP status codes to handle with custom pages:

  • 400 Bad Request
  • 408 Request Timeout
  • 429 Too Many Requests
  • 502 Bad Gateway

I recommend creating custom error pages for at least 400, 403, 404, 500, and 503 statuses.

Custom Error Pages in Nginx

For Nginx, edit the nginx.conf file to add error_page directives:

  1. Edit nginx.conf and backup the file.

  2. Add error_page directives under the main server {} block:

error_page 404 /errors/404.html;
error_page 502 /errors/502.html;
  1. Reload Nginx for the changes to apply.

Now 404 and 502 errors will show custom pages. You can also redirect:

error_page 500 http://example.com/server-error;

Important error codes to handle in Nginx:

  • 400 Bad Request
  • 403 Forbidden
  • 503 Service Unavailable
  • 504 Gateway Timeout

I suggest creating custom pages for at least 400, 403, 404, 500, and 503.

Designing User-Friendly Custom Pages

When designing your custom error pages, keep these UX tips in mind:

  • Use clear, friendly language to explain the problem to the average user.

  • Include your branding, logo, fonts, and color scheme for consistency.

  • Provide helpful information like "Contact our support team" or "Visit our Help Center".

  • Have obvious navigation options such as Search box, Popular Pages, or Home Page link.

  • For 5xx server errors, share there‘s a temporary problem being worked on.

  • Never reveal full technical details or stack traces publicly.

  • Show a unique image related to the error, like a 404 image.

  • If possible, include context like the page URL they tried to access.

See the example 404 page below for ideas:

Example 404 Page

Example of a user-friendly custom 404 error page

This improves the user‘s experience and gives them options instead of just leaving your site.

Security Considerations

When creating custom error pages, be mindful of security:

  • Don‘t leak backend technology details that could inform attackers.

  • Never display full error stack traces or exceptions publicly. Log them securely.

  • For 5xx errors, reassure the user there is no problem on their end.

  • Provide a generic "Contact Support" link they can use if an error persists.

  • Clearly communicate downtime status if you‘re expecting an outage.

  • If needed, implement IP-based restrictions on error pages when under attack.

  • Use HTTPS on all error pages to prevent spoofing/tampering.

Troubleshooting Tips

Here are some tips in case your custom error pages aren‘t working properly:

  • Verify the error page filenames match and exist on the server.

  • Check for typos in the ErrorDocument or error_page directives.

  • Test by accessing the custom page directly via URL.

  • View server logs to ensure the custom page is being served.

  • Try adding just one error page at a time and testing.

  • For redirects, validate the target URL loads fine directly.

  • Confirm your web server can follow symlinks if using them.

  • Check permissions on custom page resources. Restrict access if needed.

  • Try a simple redirect rule first before serving a complex error page.

  • Restart the web server and check for syntax errors.

  • Use log analysis tools like GoAccess to inspect error logs and access logs.

With careful troubleshooting, you should be able to get your custom error pages running smoothly.

Closing Thoughts

I hope this guide has armed you with a complete understanding of custom error pages and how to properly implement them. They can profoundly improve your users‘ experience and your security posture.

Here are a few parting tips:

  • Test error pages thoroughly from visitors‘ perspectives.

  • Set up monitoring to track when custom pages are served.

  • Update error pages if your branding or content changes.

  • Consider A/B testing different error page designs.

  • Localize error pages for international audiences if needed.

Taking full control of the error page experience rather than settling for default pages can really bolster your website‘s professionalism and resilience. Let me know if you have any other questions!

AlexisKestler

Written by Alexis Kestler

A female web designer and programmer - Now is a 36-year IT professional with over 15 years of experience living in NorCal. I enjoy keeping my feet wet in the world of technology through reading, working, and researching topics that pique my interest.