From 9c4e02f565f5287fa68994a2bdb5429a2f0dd534 Mon Sep 17 00:00:00 2001
From: Adam Outler <adamoutler@gmail.com>
Date: Sun, 8 Feb 2026 02:33:11 +0000
Subject: [PATCH] Add 403 message which describes the problem

---
 front/403_internal.html                       | 65 +++++++++++++++++++
 .../config/nginx/netalertx.conf.template      |  1 +
 2 files changed, 66 insertions(+)
 create mode 100644 front/403_internal.html

diff --git a/front/403_internal.html b/front/403_internal.html
new file mode 100644
index 00000000..cbbcc8cf
--- /dev/null
+++ b/front/403_internal.html
@@ -0,0 +1,65 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Access Restricted - NetAlertX</title>
+    <style>
+        body {
+            font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
+            background-color: #f8f9fa;
+            color: #212529;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            height: 100vh;
+            margin: 0;
+        }
+        .container {
+            text-align: center;
+            padding: 2rem;
+            background: white;
+            border-radius: 8px;
+            box-shadow: 0 4px 6px rgba(0,0,0,0.1);
+            max-width: 600px;
+        }
+        h1 {
+            color: #dc3545;
+            font-size: 2rem;
+            margin-bottom: 1rem;
+        }
+        p {
+            margin-bottom: 1rem;
+            line-height: 1.5;
+        }
+        .code-snippet {
+            background-color: #e9ecef;
+            padding: 0.2rem 0.4rem;
+            border-radius: 4px;
+            font-family: monospace;
+            font-weight: bold;
+        }
+        .footer {
+            margin-top: 2rem;
+            font-size: 0.9rem;
+            color: #6c757d;
+            border-top: 1px solid #dee2e6;
+            padding-top: 1rem;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <h1>403 Forbidden</h1>
+        <p>
+            The <span class="code-snippet">/server</span> endpoint is for <strong>internal use only</strong> and cannot be accessed from external browsers or applications.
+        </p>
+        <p>
+            This security measure protects the backend API. You will need to contact your system administrator in order to gain access to the API port (default: 20212), or use the application through the standard web interface.
+        </p>
+        <div class="footer">
+            NetAlertX Security &bull; Trust Level: Untrusted Origin
+        </div>
+    </div>
+</body>
+</html>
\ No newline at end of file
diff --git a/install/production-filesystem/services/config/nginx/netalertx.conf.template b/install/production-filesystem/services/config/nginx/netalertx.conf.template
index 0dfbeb18..abe3e9e1 100755
--- a/install/production-filesystem/services/config/nginx/netalertx.conf.template
+++ b/install/production-filesystem/services/config/nginx/netalertx.conf.template
@@ -117,6 +117,7 @@ http {
 
         location /server/ {
             # 1. Enforcement
+            error_page 403 /403_internal.html;
             if ($is_trusted != "TRUSTED") {
                 return 403;
             }