Can Apache serve a default file instead of a 404? - apache

We have Apache serving a set of files from a particular directory. If a file requested in that directory does not exist, can I make Apache return a default file - instead of a 404? If so, how?

This can be achieved making use of .htaccess.
Check this WebReference article on the topic.
Basically you only need a file name .htaccess in your directory which contains
ErrorDocument 404 /YourCustomErrorPage.html
Of course any other file can be served too.

What kind of file? Is it a static file? With Apache you can set custom error pages.

Be careful returning non-404s for any random URI request. It may impact your Google rankings if they notice it and consider it part of a link farm or other such blackhat SEO technique.

If you want to return a file successfully instead of with a 404 status, you can use the FallbackResource directive instead of ErrorDocument.
FallbackResource /YourCustomDocument.html

Related

404 not being caught?

I have been running some automated security scans and the following URL triggers a 404:
/%FF%FE%3Cscript%3Ehaikumsg%28326%29%3C%2Fscript%3E
This is run from the route on the domain on an Apache server (so this should be easy to replicate).
My htaccess is setup with ErrorDocument 404 /site/404 but this isn't being caught. I know this because if I completely empty the htaccess file I am still presented with the same standard apache 404 page.
Clearly this is a tag hack so I have to be careful how its handled, however I'd like to know how to manage it so it at least does my /site/404 instead of nothing.
It turns out the solution is to move your 404 redirect to the Vhosts not htaccess!! Very simple solution and that will fix it. Apache obviously works with the URL before even getting to the htaccess file so moving the 404 redirect is needed at a higher level.
However if you need to decode and use the URLs then the following begins to help:
https://serverfault.com/questions/261683/how-does-apache-process-a-path-with-a-percent-encoded-url-in-it
Basically the solution is to add AllowEncodedSlashes On to the Vhosts file.
As per https://httpd.apache.org/docs/2.0/mod/core.html#allowencodedslashes.

secure underlaying directory with htaccess

I have created an axtra ftp account for someone else, so he can upload files.(tournament results, about 20/30 htm files and images)
I am also very paranoid, so in case he upload "possible dangerous" files, i do not want those files to be accessible via an http request. With the help of PHP I want to grab the content of those files. (I do not expect troubles with that yet)
Problem:
My hoster does not allow extra ftp accounts have access outside the public_html.
So i thought htacces should solve my problem. Just by deny from all rule.
But with ftp acces this htaccess file can be deleted or changed.
So i tried to add the following code in my main htacces file in the root of my site:
<Directory "/home/xxxx.nl/public_html/xxxxxxxx.nl/onzetoernooien/swissmaster_ftp">
deny from all
</Directory>
My site hung with an internal server error.
I have no access to the httpd file.
My idea was to use an htacces file above this directory.
If the absolute path was incorrect, i could use some kind of wildcard, like *swissmaster?
I have searched on the Apache website, but i get lost in the overwhelming amount of information.
Thanks in advance for any help!
Unfortunately you can't use a <Directory> section in .htaccess, only in the server configuration file. That causes the server error (check your error logs and you'll see the error message). We can't secure a subdirectory with a <Filesmatch "subdir/.*$"> either, as FilesMatch examines only the filename part of the requested URI.
You can, however, use mod_rewrite, along these lines:
RewriteEngine on
RewriteRule ^subdir.*$ - [NC,F]
If the requested URI matches the regex pattern subdir.* (so "subdir" followed by anything else; you may need to tweak the pattern, as it happily catches subdir_new/something.txt too -- I'm sure you get the idea), then mod_rewrite's F flag will return a 403 Forbidden status (the NC stands for No-Case, making the pattern case-insensitive).

How to make a static site look dynamic - .htaccess in apache

I have a site that I am running in Apache that is static and I want the server to treat each file as a directory. I have this thing set up in .htaccess that will get rid of all .html extensions. So this is what I want:
Ex.
http://example.com/about (Currently)
to
http://example.com/about/
without having to change it into a directory or make it dynamic. Is there a .htaccess hack? Is it possible?
You should check out mod_rewrite which lets you rewrite any url using regular expressions.

Apache ErrorDocument with absolute path

I have a server with several virtual hosts. Now I want to set up the error documents for the whole server. I have located my error sites in /var/www/error/*, but with the ErrorDocument directive I am only able to set the error document relative to the document root, but I want to use the absolute path (e.g /var/www/error/404.html).
Has anyone an idea how I can get this?
I don't think this can be done directly inside the statement: The ErrorDocument will always have to be relative to the DocumentRoot. According to the docs, the only alternative seems to be specifying an external URL, but that is bad because the wrong response header gets sent (302 instead of 404).
You could try whether anything is possible using an Alias directive or - I'm sure this would work - a symbolic link:
ErrorDocument 404 /symlinked_page.php

return 404 error on existing directory

Ok so i have a directory in my root folder called /pages in which i keep all my pages that i include thru index.php
What I wonder is would could i somehow return a 404 error if someone requests it? i dont like snoopy people...
Is there any way you can re-structure your app so that those pages are outside the document root? Much better answer...
Absolutely put the data outside the web root as gahooa says.
If that's totally impossible due to provider restrictions, then put a .htaccess with the following contents into the directory:
deny from all
that should block all requests to files in that directory and return a "401 forbidden".
Try this rule:
RewriteRule ^pages($|/) - [L,R=404]
But the R=404 flag does only work since Apache 2.
gahooa gives the best solution. If you can't place files outside of document root and your host runs Apache 1.3, you can also use mod_alias:
Redirect 404 /pages