403 forbidden occurs for some URL - apache

I want to know how to remove 403 issue for particular URL .
For example ,whatever comes after http://www.example.com/webapp/* , I need to remove 403 issue. How to set this?

you must configure your web server to allow pages from that file directory to be served to the public.
http://httpd.apache.org/docs/2.2/urlmapping.html#user

Related

Is it possible to obfuscate or eliminate Http 403 status code

A web developer reached out to me to inquire if I could prevent the 403 Forbidden status from showing on a Drupal site. Of course I thought they just wanted a redirect to a 404 page or to the home page but that wasn't it. They wanted to know if I code make the 403 status code something else or prevent it from being sent to the browser.
Example: When someone browses to mysite.com/contact, they are sent to mysite.com/homepage by default because of redirection as I changed the how ErrorDocument handles 403 and 404 errors in Apache. However if you open devtools in any browser you can see that a 403 error is thrown.
The developer would like for that indication of the error code to be removed or replaced by something else. I am pretty sure it isn't possible but I have been wrong in the past so asking. I have done some Googling and can't find anything to put me on the path to finding where that is generated server-side to see if I can manipulate it. Any help would be appreciated as to find out if this is possible or not.
I agree with you, it is not possible to "override" 403 and 404 at server-side level.
What it is possible is to override 403 and 404 error pages through twig template, but it is only a frontend option

Query string (URL) lead to 403

Please help me on this.Already tried disable mode_security module through .htaccess no use.
PHP Version 5.6.30
Apache redirect the request to 403 page if pass parameter below.
&test[object_type]=0
The name (object_type) leads to 403 page.
eg:http://www.cudec.com.my/?test[object_type]=0 ✖ NOT WORKING LEADS TO 403
eg:http://www.cudec.com.my/?test[object_types]=0 ✓ WORKING
Will update this post to a full answer as soon as I got more information to work with ;)
I tried to call the 403-URL:
You don't have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
You ensured that ModSecurity is the one replying with 403? Looks more like the folder permissions are insufficient.
Check if your DocumentRoot is at least readable for users (an 'r' at the last triple or 4 in the last byte).
If it's really ModSecurity, have a look into /var/log/apache2/modsecurity_audit.log and you should see which rule (by ID) is the one throwing 403 and also the reason (Error-Msg in the rule) why.
Does http://www.cudec.com.my/?test[object_types]=0 return the expected result?
The parameter doesn't seem to be interpretated when using &test[object_type] instead of &test[object_types] and the target ressource / seems to have insufficient rights, same for the error-pages...

API Gateway Redirect 302

I've got a service I'm proxying with gateway. A GET request to / will return a 302 with a Location header. The problem is the value of the Location header which I'm referencing in "integration.response.header.Location" is /login.
What this ends up doing is breaking my proxy by removing the stageName from the AWS provided URL for the API.
Instead of "{AWS_URL}/local/login", the redirect is going to "{AWS_URL}/login" which causes a 403 Forbidden from API Gateway.
If I manually modify the header mapping expression to use 'local/login' all works fine, but, the above should work, no?
Is there some hackery to maybe concat values into a header mapping expression?
Any help is greatly appreciated!
Thanks!
Moved to AWS Forums as it may be more appropriate - https://forums.aws.amazon.com/thread.jspa?threadID=228457

403 while accessing webpage using apache

I set up apache and changed my home directory to my
desktop/project.
I created a webpage and when I try to open it with http:// localhost/app/index.html, and the website works properly without any problem. But when I give the link as http:// 127.0.0.1/app/index.html I get a error 403 Forbidden.
Thanks in advance. Any help will be appreciated.

redirection page help -apache

I have a folder where in there is a .htaccess file with some settings .. so when i try to load the page .its asks for authentication . so when i dont give the user name and passwd . it redirects to a page. i need to know where this redirection settings are there . how to get to the core.
This question is not terribly clear.
It sounds like you have authentication set up in your .htaccess file. If authentication fails, Apache returns a 401 Unauthorized (or 403 Forbidden) response. You might try redefining the error pages for those two errors using the ErrorDocument directive.