403 Not Triggered?



Hello all,

I'm in the midst of making my website work, and I ran into a problem with error documents.

To begin with, here's what my directory structure looks like:

+ www (root)
|
+- foo
|  |
|  +-- bar (750)
|
+- .htaccess
|
+- error.php

I want to prevent user access into /foo/bar, so I changed the permission of the folder (bar) to 750, and 640 for its contents.

In my .htaccess, I have specified the following:

ErrorDocument 400 /error.php
ErrorDocument 401 /error.php
ErrorDocument 403 /error.php
ErrorDocument 404 /error.php
ErrorDocument 500 /error.php

Attempting to visit /foo/bar, I expected to be redirected to error.php, as it is a 403 error (or is it not?). However, I am getting the usual 403 Forbidden page instead.

Forbidden

You don't have permission to access /foo/bar/ on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Any ideas?


Error pages require the full page URL to be redirected. Something like this:

ErrorDocument 403 http://your-site.heliohost.org/error.php

I'm sorry, but it didn't work. I tried your suggestion, and provided the full path for 403 Error Document, but it still did not redirect me to error.php.

The error page is the same as above.

Maybe my .htaccess can shed some light. Most of the parts were taken from H5BP.

# 404 error prevention for non-existing redirected folders
Options -MultiViews

# Force IE to render pages in the highest available mode
<IfModule mod_headers.c>
Header set X-UA-Compatible "IE=edge"
<FilesMatch "\.(appcache|crx|css|eot|gif|htc|ico|jpe?g|js|m4a|m4v|manifest|mp4|oex|oga|ogg|ogv|otf|pdf|png|safariextz|svgz?|ttf|vcf|webapp|webm|webp|woff|xml|xpi)$">
	Header unset X-UA-Compatible
</FilesMatch>
</IfModule>

# Use UTF-8 encoding for anything served as `text/html` or `text/plain`
AddDefaultCharset utf-8

# Force UTF-8 for certain file formats
<IfModule mod_mime.c>
AddCharset utf-8 .atom .css .js .json .rss .vtt .webapp .xml
</IfModule>

# Turning on the rewrite engine
<IfModule mod_rewrite.c>
Options +FollowSymlinks
RewriteEngine On

# Suppressing "www." at the beginning of URLs
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]

# Block access to hidden files and directories
RewriteCond %{SCRIPT_FILENAME} -d [OR]
RewriteCond %{SCRIPT_FILENAME} -f
RewriteRule "(^|/)\." - [F]

# Prevent hotlinking
RewriteCond %{HTTP_REFERER} !^http://altbdoor.heliohost.org/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://altbdoor.heliohost.org$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.altbdoor.heliohost.org/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.altbdoor.heliohost.org$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]
</IfModule>

# Block access to directories without a default document
<IfModule mod_autoindex.c>
Options -Indexes
</IfModule>

# Block access to backup and source files
<FilesMatch "(^#.*#|\.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|sw[op])|~)$">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>

# expiry
<IfModule mod_expires.c>
ExpiresActive on
ExpiresDefault "access plus 1 month"

ExpiresByType text/css "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresByType text/html "access plus 0 seconds"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/font-woff "access plus 1 year"
</IfModule>

# Error document
ErrorDocument 400 /error.php
ErrorDocument 401 /error.php
ErrorDocument 403 http://altbdoor.heliohost.org/error.php
ErrorDocument 404 /error.php
ErrorDocument 500 /error.php

In case you're interested in trying it out, the URL to the said protected folder is http://altbdoor.heli...org/admin/frame


The problem is when you give the folder 750 permissions. For some reason it bypasses your error page and goes to the server default error page. Since you're already blocking directory indexing with this:

Options -Indexes

Go back and change the permissions on your folder to 755 and don't add an index file in that folder.

Example:

http://byrondallas.heliohost.org/foo


Ah, I see. Thank you for your time and answer!
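
An added example, not part of the thread or of H5BP: Options -Indexes only suppresses the directory listing, so any file in bar that the server can read is still served to a visitor who requests it by name. A deny rule in a hypothetical www/foo/bar/.htaccess makes Apache itself answer 403 for everything under that path, and that 403 is handled by the ErrorDocument 403 /error.php line in www/.htaccess. It assumes the directory is mode 755 and the new file 644 so the server can read it.

```apache
# www/foo/bar/.htaccess  (hypothetical file; directory 755, this file 644)
#
# Deny every request below /foo/bar at the Apache layer instead of with
# filesystem permissions. The server can then read the .htaccess files on
# the path, and the ErrorDocument 403 /error.php line in www/.htaccess
# applies to the 403 it generates.

# Apache 2.4 and later
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>

# Apache 2.2 (same syntax as the FilesMatch block in the posted .htaccess)
<IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
</IfModule>
```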
