how would I change the default 403 forbidden with a 423 locked instead, when denying someone in htaccess.?
example, usually when you use deny from in htaccess, apache would serve a 403 forbidden error.
is there a way to set what error message is actually served in place of the 403 forbidden?
I have not tried this, but im thinking maybe by defining custom error messages in htaccess might work,
for example,
ErrorDocument 403 /path/423.shtml
But something tells me my server would over ride that by default and still use the 403 error.
and no, i do not have shell access or access to the apache install files.
thanks.
You're close, but you need a script or something to set the header response. Using the ErrorDocument by itself will still cause the server to return a 403 Forbidden, eventhough the content returned will be what's in /path/423.shtml. You can use php or something to override that. So using the error document:
ErrorDocument 403 /path/423.php
Then in the 423.php file:
<?php
header("HTTP/1.1 423 Locked");
// whatever other content you want returned
?>
If you want to want to do it "pure" (without PHP or Perl code) you will need to use mod_rewrite and utilize the [R=XXX] which means redirect and XXX is the code you want to use, see: http://httpd.apache.org/docs/current/rewrite/flags.html#flag_r
Related
I am working on a website (scratchyone.com). I need to have my .htaccess redirect to an external page
http://scratchywon.github.io/scratchyone.com/errors/500.html
on a 500 error. I am forcing a 500 with php.
http://scratchyone.com/500/
Here is my current code:
ErrorDocument 500 http://scratchywon.github.io/scratchyone.com/errors/500.html
EDIT: ErrorDocument 404 http://scratchywon.github.io/scratchyone.com/errors/500.html works
Now that I am using php to send the 500 error, the page doesn't display. It just displays the browser's default "500: Could not display"
Internal error in .htaccess not relay custom ErrorDocument (!) and simulate 500 error via PHP is not quite possible - when your script run it's too late - error document redirection is handled by apache mod_core (!) and PHP only send status.
So I think you can forget about PHP 500-simulation.
Try to make a directory next to main .htaccess and inside make faulty .htaccess
Or maybe this will be helpful for you:
https://www.digitalocean.com/community/tutorials/how-to-configure-apache-to-use-custom-error-pages-on-ubuntu-14-04
Section about 500 provide information how to simulate this error via bad proxy.
Ive made this .htaccess file
ErrorDocument 404 /404.php
ErrorDocument 500 /maintenance.php
But when i try to access to http://www.mupiz.com/admin/TESTS.php (there's a parse error in it)
The serveur does not redirect to maintenance.php
Any ideas ?
Thanks
You have some confusion about custom error handling.
500 is for Internal Server Error in Apache before it invokes PHP module. Once PHP module is invoked it is up to the PHP to handle everything. Parse error anyway is not a 500 and even if you make PHP cause 500, Apache's 500 handler won't be invoked.
We are currently on a load balanced environment and we are having an issue with one of our servers. We are getting an error 500 due to an application crash. As we have our techs look into this I wanted to make a fix. I would like a way to redirect to the same page on the second server when you receive an error 500.
In apache you can simply redirect using this method:
ErrorDocument 500 http://xxx/
My question is, is it possible to have mod_rewrite point the redirect to the specific page that the error 500 came from?
For example, vm1.foo.bar/contact has a error 500 so we need to redirect it to vm2.foo.bar/contact
Also, this is a Windows Server running apache.
Ok posting some command as per comments above.
First define ErrorDocument like this:
ErrorDocument 500 /handle500.php
Then inside /handle500.php have code like this:
<?php
if ($_SERVER["HTTP_HOST"] == 'vm1.foo.bar')
header ("Location: http://vm2.foo.bar" . $_SERVER["REQUEST_URI"]);
else
header ("Location: http://vm1.foo.bar" . $_SERVER["REQUEST_URI"]);
exit;
?>
Apparently Apache 1.3 is used by no one except godaddy by now as I can't seem to find any relevant information for this.
I'd like to use .htaccess files to deny direct access to certain files on my site but without letting attackers know that such a file exists so I'd like to display a 404 "file not found" error instead of a 403 "forbidden" error.
Add following code in .htacess file.
RedirectMatch 404 ".*\/\..*"
it will prohibit access to all files or directories starting with a dot, giving a "404 Not Found" error.
with the help of
Is there a way to force apache to return 404 instead of 403?
I have a number of ErrorDocuments setup in my .htaccess file for errors such as 404, 401, 403 etc which all redirect to my error page but the ErrorDocument set for a 500 error is never displayed when PHP reports a 500. The 500 code is sent to the browser and the output is blank. Is there something special I need to do to enable 500 error documents for use with PHP?
My directives look like this:
ErrorDocument 401 /errorpage.php?error=401
ErrorDocument 403 /errorpage.php?error=403
ErrorDocument 404 /errorpage.php?error=404
ErrorDocument 500 /errorpage.php?error=500
I've looked through the php.ini and can't see anything that would obviously override the Apache settings and there are no ErrorDocument directives in my httpd.conf either. Anywhere else I should be looking?
Thanks in advance.
See this answer to a very similar question. Basically, PHP isn't hardly ever going to trigger a 500.
You may need to add the ErrorDocument declaration earlier in the Apache conf chain. If you add this to a vhost conf it may not be called.
I happened to encounter the same issue while working with codeigniter and Imagick. imagick was setting a 500 HTTP error when something went wrong and in that case Codeigniter's custom 500 message was not displayed.
I resolved this by adding try-catch to all Imagick functions.Check that where from the 500 issue is arising and then add a try-catch there.As for
ErrorDocument 500 /errorpage.php?error=500
,I read loads online about the same where some people claim that this solved their similar issue, others say that it wouldnt help as Apache has handed over the control to PHP.Maybe some php code is setting Headers to 500 and that would probably lead to the browser displaying its custom 500 error message.
I don't believe Apache will let you run PHP files for 500 errors because the error page could generate an error. Try rendering out your 500 error to an HTML file and point your directives at that.