mydomain.com/badurl.html redirects correctly to mydomain.com/en/404.html, but mydomain.com/en/badurl.html does not and goes to a blank page, literally. Looks like adding a locale 'en' throws it off, rest of the locales seem to work OK.
This is my Virtual Host
ErrorDocument 404 /en/404-error.html
P.S it is outside all directives but .
You're probably sending those requests to something like PHP that sees them and returns something other than 404 to Apache. There are cases where plugins can even send a 404, but tell Apache the response was successful. Those do not trigger ErrorDocument.
Related
I have been running some automated security scans and the following URL triggers a 404:
/%FF%FE%3Cscript%3Ehaikumsg%28326%29%3C%2Fscript%3E
This is run from the route on the domain on an Apache server (so this should be easy to replicate).
My htaccess is setup with ErrorDocument 404 /site/404 but this isn't being caught. I know this because if I completely empty the htaccess file I am still presented with the same standard apache 404 page.
Clearly this is a tag hack so I have to be careful how its handled, however I'd like to know how to manage it so it at least does my /site/404 instead of nothing.
It turns out the solution is to move your 404 redirect to the Vhosts not htaccess!! Very simple solution and that will fix it. Apache obviously works with the URL before even getting to the htaccess file so moving the 404 redirect is needed at a higher level.
However if you need to decode and use the URLs then the following begins to help:
https://serverfault.com/questions/261683/how-does-apache-process-a-path-with-a-percent-encoded-url-in-it
Basically the solution is to add AllowEncodedSlashes On to the Vhosts file.
As per https://httpd.apache.org/docs/2.0/mod/core.html#allowencodedslashes.
I am working with a tomcat application that I cannot modify, though I have full control over apache which is set up in front of it (with a reverse proxy).
The application will do a 302 redirect to pagenotavailable.jsp when it encounters a URL that's no longer valid (i.e. the ID no longer exists or is malformed).
I need to figure out a way to make these return a 404 so that these URLs drop out of the search engine indexes.
One possibility I came up with is to set up a mod_rewrite redirect from pagenotavailable.jsp to a page I made called 404.html :
RewriteEngine on
RewriteRule ^/pagenotavailable\.jsp /404.html [NC,R=404,L]
Or just this, since 404.html is already set up as ErrorDocument:
RewriteRule ^/pagenotavailable\.jsp$ - [R=404]
That is showing the content of my custom 404.html page, but the URL does not update (it is still pagenotavailable.jsp) and the status code is still 302.
Any ideas why I don't get a 404, of any alternative approaches are appreciated!
If you are responding with a 302, then the client will always update its URL (e.g. in the URL bar) to show .../pagenotavailable.html. If you want that to go away, you'll have to redirect again to your preferred URL. The only other option would be to modify the application so it doesn't perform a redirect, but instead a "forward" which is handled entirely on the server-side. But you specifically mentioned that you can't modify the web app, soo...
I'd be very surprised if the status code were still 302... when a client receives a 302 response, it should perform a GET to the Location provided in the 302 response header. If anything, I'd expect a 200 response with your 404.html content if the response code wasn't being set to 404.
The [R=xxx] flag tells mod_rewrite to issue a redirect, which must be a 3xx response code. You can use a 404, but you should be aware of the caveats. That page says what happens with the Location header (i.e. nothing) and it says that it will imply the [L] flag, but it doesn't say anything about what response code will actually be sent to the client.
What about using RewriteRule to rewrite the page to something that actually doesn't exist?
RewriteRule ^pagenotavailabe.jsp$ /does-not-exist.html
... then let your standard 404 handler handle the error (and return the contents of 404.html plus the 404 protocol response).
I have a simple 404 error redirect in the .htaccess to my script like this:
ErrorDocument 404 https://example.com/error.pl?q=404
But on the redirect the address is changed in the address bar of the browser to this https://example.com/error.pl?q=404 from the wrong address (from which the redirect is performed).
How to keep the initial address in the browser address bar while redirecting to the custom error page?
Your kind help is highly appreciated!
Use link without domain name:
ErrorDocument 404 /error.pl?q=404
Note that when you specify an ErrorDocument that points to a remote
URL (ie. anything with a method such as http in front of it), Apache
HTTP Server will send a redirect to the client to tell it where to
find the document, even if the document ends up being on the same
server. This has several implications, the most important being that
the client will not receive the original error status code, but
instead will receive a redirect status code. This in turn can confuse
web robots and other clients which try to determine if a URL is valid
using the status code.
https://httpd.apache.org/docs/2.4/en/mod/core.html#errordocument
I have installed apache2 on my ubuntu machine. As I need to work with subdomains I created a proper entry in sites-available which looks like this:
<VirtualHost *:80>
ServerName xxx.localhost
DocumentRoot /var/www/
</VirtualHost>
I also enabled mod_rewrite (and changed "AllowOverride All" in my sites-available/default file) but other than that nothing else was changed.
My .htaccess file does work, and I wanted to handle some error codes. Doing so with 404 worked pretty well, but for some reason other errors don't seem to work. I'm mostly interested in handling error 400:
ErrorDocument 400 /400.php
ErrorDocument 404 /404.php
Is there anything else I should look at? I couldn't seem to find any place where 404 are allowed while other error codes aren't.
If the php is returning the 400 error, then php should generate the error document.
Use something like:
if( $someError )
{
http_response_code(400);
include("{$_SERVER['DOCUMENT_ROOT']}/400.php");
exit();
}
From the Apache documentation:
Although most error messages can be overriden, there are certain circumstances where the internal messages are used regardless of the setting of ErrorDocument. In particular, if a malformed request is detected, normal request processing will be immediately halted and the internal error message returned. This is necessary to guard against security problems caused by bad requests.
Try adding it directly in the httpd.conf and restart Apache.
Is there a way to have the request parameters "forward on" to the custom error file in apache much like [QSA] does on rewrite rules?
if i send in www.foo.com/doesnotexist?bar=true
and i have this in vhost:
ErrorDocument 404 /customerrorpage
then it would call customerrorpage with:
customerrorpage?bar=true
I know this is really old question, but it hasn't been answered and so in case someone else is searching the site for the answer I'll share what I know.
The Apache 2.2 ErrorDocument page says that when you have a Custom Error page which is a local page then a number of environment vars will be set which can be read from your customer error handler. One of the vars is REDIRECT_QUERY_STRING which will contain the query string that the original page had. So in your example the REDIRECT_QUERY_STRING would contain 'bar=true'.