🎭 What is Error 1402? / 什么是 Error 1402?

In cybersecurity, sometimes the best defense is confusion. Error-1402 is a static “Deception Page” designed to mimic a high-end CDN or WAF block page.
在网络安全中,有时最好的防御是混淆。Error-1402 是一个静态的“欺骗页面”,旨在模仿高端 CDN 或 WAF 的拦截页面。

It displays a fake “Ray ID”, a timestamp, and even “detects” the user’s IP, convincing attackers or unauthorized users that they have hit a sophisticated firewall, when in reality, they might just be hitting a simple Nginx 403.

🛡️ Use Cases / 应用场景

  1. Hidden Services: Hide your backend stack. If someone scans your IP, don’t show a default “Welcome to Nginx” page (which reveals you run Nginx). Show this.
    隐藏服务:掩盖你的后端技术栈。如果有人扫描你的 IP,与其展示默认的 Nginx 欢迎页(暴露你用 Nginx),不如展示这个。
  2. Compliance Placeholders: When a site is down or geo-blocked, provide a professional-looking “Access Denied” page.
  3. Honeypots: Deploy this on unused ports to log interactions.

⚙️ Deployment / 部署

1. Nginx Integration (Best Practice)

Map it to your 403/404 errors internally.

server {
    listen 80;
    server_name _;
    
    # Map 403 Forbidden to the deception page
    error_page 403 /error-1402.html;
    
    location = /error-1402.html {
        root /var/www/html;
        internal; # Users cannot access this URL directly
    }
    
    location / {
        return 403; # Default deny
    }
}

2. Static Hosting

You can deploy it instantly to Vercel/Netlify for free.

Deploy with Vercel

3. Customization

Edit index.html to change the Logo and “Brand Name”.

  • Ray ID: Generated locally via JS (no backend needed).
  • IP Detection: Uses public APIs (IPIP, ipify) to show the user’s IP.

⚠️ Disclaimer

“Error 1402” is not a standard HTTP code. It’s a made-up code to confuse scanners. The underlying response should still follow HTTP standards (e.g., maintain a 403 status code for SEO and bot handling).
“Error 1402”不是标准 HTTP 代码。这是一个用来迷惑扫描器的伪造代码。底层响应仍应遵循 HTTP 标准。