lancersupraskyline Posted October 31, 2013 Posted October 31, 2013 Hello all, I'm in the midst of making my website work, and I ran into a problem with error documents.To begin with, here's how my directory structure looks like:+ www (root) | +- foo | | | +-- bar (750) | +- .htaccess | +- error.php I want to prevent user access into /foo/bar, so I changed the permission of the folder (bar) to 750, and 640 for its contents. In my .htaccess, I have specified as below:ErrorDocument 400 /error.php ErrorDocument 401 /error.php ErrorDocument 403 /error.php ErrorDocument 404 /error.php ErrorDocument 500 /error.php Attempting to visit /foo/bar, I have expected to be redirected to error.php, as it is 403 error (or is it not?). However, I am getting a usual 403 Forbidden page instead.Forbidden You don't have permission to access /foo/bar/ on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. Any ideas? 1
Byron Posted October 31, 2013 Posted October 31, 2013 Error pages require the full page url to be redirected. Something like this: ErrorDocument 403 http://your-site.heliohost.org/error.php
lancersupraskyline Posted October 31, 2013 Author Posted October 31, 2013 Error pages require the full page url to be redirected. Something like this: ErrorDocument 403 http://your-site.heliohost.org/error.php I'm sorry, but it didn't work. I tried your suggestion, and provided the full path for 403 Error Document, but it still did not redirect me to error.php. The error page is same as the above. Maybe my .htaccess can shed some light. Most of the parts were taken from H5BP. # 404 error prevention for non-existing redirected folders Options -MultiViews # Force IE to render pages in the highest available mode <IfModule mod_headers.c> Header set X-UA-Compatible "IE=edge" <FilesMatch "\.(appcache|crx|css|eot|gif|htc|ico|jpe?g|js|m4a|m4v|manifest|mp4|oex|oga|ogg|ogv|otf|pdf|png|safariextz|svgz?|ttf|vcf|webapp|webm|webp|woff|xml|xpi)$"> Header unset X-UA-Compatible </FilesMatch> </IfModule> # Use UTF-8 encoding for anything served as `text/html` or `text/plain` AddDefaultCharset utf-8 # Force UTF-8 for certain file formats <IfModule mod_mime.c> AddCharset utf-8 .atom .css .js .json .rss .vtt .webapp .xml </IfModule> # Turning on the rewrite engine <IfModule mod_rewrite.c> Options +FollowSymlinks RewriteEngine On # Suppressing "www." at the beginning of URLs RewriteCond %{HTTPS} !=on RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L] # Block access to hidden files and directories RewriteCond %{SCRIPT_FILENAME} -d [OR] RewriteCond %{SCRIPT_FILENAME} -f RewriteRule "(^|/)\." - [F] # Prevent hotlinking RewriteCond %{HTTP_REFERER} !^http://altbdoor.heliohost.org/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://altbdoor.heliohost.org$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.altbdoor.heliohost.org/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.altbdoor.heliohost.org$ [NC] RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC] </IfModule> # Block access to directories without a default document <IfModule mod_autoindex.c> Options -Indexes </IfModule> # Block access to backup and source files <FilesMatch "(^#.*#|\.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|sw[op])|~)$"> Order allow,deny Deny from all Satisfy All </FilesMatch> # expiry <IfModule mod_expires.c> ExpiresActive on ExpiresDefault "access plus 1 month" ExpiresByType text/css "access plus 1 month" ExpiresByType image/x-icon "access plus 1 year" ExpiresByType text/html "access plus 0 seconds" ExpiresByType application/javascript "access plus 1 month" ExpiresByType application/font-woff "access plus 1 year" </IfModule> # Error document ErrorDocument 400 /error.php ErrorDocument 401 /error.php ErrorDocument 403 http://altbdoor.heliohost.org/error.php ErrorDocument 404 /error.php ErrorDocument 500 /error.php In case you're interested to try it out, the URL to the said protected folder is http://altbdoor.heli...org/admin/frame
Byron Posted October 31, 2013 Posted October 31, 2013 The problem is when you give the folder 750 permissions. For some reason it bypasses your error page and goes to the server default error page. Since your already blocking directory indexing with this: Options -Indexes Go back and change the permissions on your folder to 755 and don't add an index file in that folder. Example:http://byrondallas.heliohost.org/foo
lancersupraskyline Posted November 1, 2013 Author Posted November 1, 2013 The problem is when you give the folder 750 permissions. For some reason it bypasses your error page and goes to the server default error page. Since your already blocking directory indexing with this: Options -Indexes Go back and change the permissions on your folder to 755 and don't add an index file in that folder. Example: http://byrondallas.heliohost.org/foo Ah, I see. Thank you for your time and answer!
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now