my page frequently gives errors like forbidden access or internal server error, i think the problem its because my .htaccess file configuration, here it is :
<Files ~ "^\.(htaccess|htpasswd)$">
deny from all
</Files>
Options Indexes
ErrorDocument 400 ../errors/400.html
ErrorDocument 401 ../errors/401.html
ErrorDocument 403 ../errors/403.html
ErrorDocument 404 ../errors/404.html
ErrorDocument 500 ../errors/500.html
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www\.bedif\.net)(:80)? [NC]
RewriteRule ^(.*) http://bedif.net/$1 [R=301,L]
DirectoryIndex index.html
order deny,allow
deny from ../tools/
deny from ../lightbox/
deny from ../errors/
deny from ../images/
2 things:
deny from ../tools/ makes no sense at all, and all your deny from lines are causing a 500 error. The mod_auth docs say the syntax for this is:
Deny from all|host|env=[!]env-variable
Which means it can either be a "all", a host/IP, or an environmet variable. ../tools/ is none of them. You can't put paths in a Deny.
The ErrorDocument directive takes either a full URL, or an absolute path to a file. Anything else, apache assumes you're giving it a specific error message. This means, if you go to a file that doesn't exist, you'll get a 404 and the page will literally say:
../errors/404.html
as the page's message, and not the contents of the html file. Change those to absolute paths.
Related
The .htaccess works fine on the live server but here on my development system, it does not appear to be doing so. If I purposely enter an invalid address, it just gives the basic Apache error.
It is enabled in Apache2.conf with AccessFileName .htaccess but is there anything else that needs to be enabled to make it work? At one point it was working but many system updates later, I just noticed that it is not.
RewriteEngine On
AddDefaultCharset UTF-8
Options -Indexes Includes +FollowSymLinks
DirectoryIndex index.php
ErrorDocument 400 /messages/validate.php?error=400
ErrorDocument 401 /messages/validate.php?error=401
ErrorDocument 403 /messages/validate.php?error=403
ErrorDocument 404 /messages/validate.php?error=404
ErrorDocument 406 /messages/validate.php?error=406
ErrorDocument 408 /messages/validate.php?error=408
ErrorDocument 500 /messages/validate.php?error=500
<Files .htaccess,db_mysql.php,config.php,common.php>
Order Allow,Deny
Deny from all
</Files>
I'm using a whitelist on IP's, and as such I'd like to inform the user why this is so.
order deny, allow
deny from all
allow from 24.11.95.152
My IP whitelist in HTACCESS ^
Now, I set the ErrorDocument to /403
ErrorDocument 403 /403
and finally I rewrite /403 to uhoh.php
RewriteEngine On
RewriteRule ^403/?$ uhoh.php [NC]
However, I still get the typical error from LiteSpeed.
You can use ErrorDocument directly with the file you wish to use for custom message.
In your case would look like this:
ErrorDocument 403 /uhoh.php
From your example, it looks like you're trying to double redirect the error page which is not really needed.
I keep getting close to what I want, but I'm not quite there. Basically, I need to block direct access to a subdirectory, but treat it like a custom error message and not a redirect. I need to maintain the URL so that an index.php file can see the requested filename, and filter site member permissions against it, and then return the file itself. I think, if I can force a 403 error on denied access, then the ErrorDocument would take over. The following .htaccess is in the "files_dir" directory. the ErrorDocuments have already been working for me for a while, but the denied access is giving trouble:
<Files ~ "^/files_dir/protected_dir/.*$">
Order allow,deny
Deny from all
Satisfy All
</Files>
ErrorDocument 404 /files_dir/index.php
ErrorDocument 403 /files_dir/index.php
ErrorDocument 405 /files_dir/index.php
I would approach this with a rewrite rule:
RewriteCond %{PATH_INFO} ^/files_dir/protected_dir/ [NC]
RewriteRule .* - [F]
This won't cause a redirect (the URL would stay intact in the browser), but would return 403 Forbidden.
Don't get why you want apache to send the 403. You could just do that with php. The only thing you need is to rewrite all urls in the protected dir to index.php.
RewriteRule ^protected_dir/ index.php
then in php
if( !$logged_in )
{
header('HTTP/1.1 403 Forbidden');
echo 'not allowed. etc.';
...
How can I get the user to be redirected if their IP was matched on the deny of an IP address, e.g.
<Limit GET POST PUT>
order allow,deny
allow from all
deny from {removed IP address}
</Limit>
I need them to be redirected to a specific website when they are denied from accessing.
Needing help with this..
Setup a script to handle 403 errors by adding this line to your .htaccess:
ErrorDocument 403 /forbidden.php
Then handle the redirect in the script:
<?php
header('Location: http://google.com');
Or to keep it all in .htaccess you could do:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} 127.0.0.1
RewriteRule (.*) http://google.com [R]
Simple solution using only htaccess
ErrorDocument 403 https:///google.com
Order Allow,Deny
Allow from 127.0.0.0/8
Allow from x.x.x.x
Allow from y.y.y.y
Make sure to comment out the directives in welcome.conf, otherwise it will keep overriding your custom ErrorDocument directive.
After that, you can put your ErrorDocument directive in VirtualHost, Document directive or in your .htaccess https://httpd.apache.org/docs/2.4/custom-error.html
Like so:
ErrorDocument 403 <Local file/Remote URL>
And if this doesn't work, then you will have to look into your CORS rule
I am trying to use an htaccess redirect, and for some reason when I try to redirect the user, instead of going to page.html, it tries to go to page.htmlpage.htmlpage.htmlpage.html and it just keeps on repeating it. Anyone have any clue what I am going wrong?
Here is my htaccess file:
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName 2enetwork.x10hosting.com
Options All -Indexes
ErrorDocument 401 /error/401.html
ErrorDocument 403 /error/403.html
ErrorDocument 404 /error/404.html
ErrorDocument 500 /error/500.html
Redirect / http://2enetwork.tk/under_construction.html
#RewriteEngine On
#RewriteRule ^(.*)$ ./under_construction.html [L]
Oh, and also, it will give me a 403 error and underneath that it says and addition 302 error was found. If I comment the Redirect / http://2enetwork.tk/under_construction.html, it works fine. There is nothing wrong with the site, and I can see the under construction page fine.
Ok, I figured out why. When I sat there and tried to rediret my site, I redirected the whole site to uc.html (under_construction.html), and uc.html is included in the rest of the site, so it would then try to redirect to uc.html again, and again, and again in a never ending loop. So, my new question is, How do I prevent this from happening? Is there a way I can redirect my whole site minus uc.html?
Anything more complex than a brute force "go there" needs mod_rewrite.
This hasn't been tested, but...
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !under_construction\.html$
RewriteRule ^(.*)$ ./under_construction.html [L]
This RewriteCond line tells it to rewrite all requests except ones for files named under_construction.html*.
* Techinically, all files that end with the string "under_construction.html".