Send a 404 error via htaccess? - .htaccess

I'd like to cut off access to a subdirectory on my site but I want any access in the subdirectory to be a 404 error, not a 403 forbidden. How can this be accomplished?

Try:
RewriteRule ^directory/ - [L,R=404]
This redirects all requests for the folder "/directory/", they get a 404 response.

I think, 410 error better
RewriteRule ^directory/ - [L,R=410]
or my search:
RewriteCond %{HTTP_USER_AGENT} (googlebot|bingbot|Baiduspider) [NC]
RewriteRule .* - [R=410,L]
on russian wiki
404 Not Found [19] - the most common mistake when using the Internet, the main reason - an error in writing the address of a Web page. The server understood the request, but did not find the corresponding resource at the specified URL. If the server knows that there was a document at this address, then it is desirable for it to use code 410. Answer 404 can be used instead of 403 if you need to carefully hide certain resources from prying eyes. Appeared in HTTP/1.0.

Redirect 404
Put this into the .htaccess file in the directory that you want off the record. The Redirect directive is part of mod_alias and can be used to send any status code, not just redirects.

You could also for the time being change which page a user will see when confronted with a 403 error, but I wouldn't recommend doing this long-term.
.htaccess:
ErrorDocument 403 /your404pagehere.php

Related

.htaccess inconsistent redirect behavior

I'm getting inconsistent results with what appears to me to be the exact same redirect. Can anyone see what I'm missing?
Here's my .htaccess file. You can see where I'm trying to redirect all of the contents of 3 directories to my file_not_found page.
The problem is that only one of the directories is redirecting properly. By "properly" I mean, that it shows in the browsers url bar that it's displaying www.hhoprofessor.com/file_not_found.
The bak directory works, but none of the rest do. For instance see the following examples:
When I type www.hhoprofessor.com/bak/random_file_name, it redirects to www.hhoprofessor.com/file_not_found. This is the correct behavior.
When I do the same with the other 2 directories, I get the following result: Typing www.hhoprofessor.com/inc/random_file_name doesn't change in the address bar, but does correctly show the content of the file_not_found page. Same result when I try the page subdirectory.
I need them to do a full forwarding like they do for the /bak subdir. I don't get why the same directive is not operating the same way.
I've tried this in Chrome and Opera and they both have the same behavior. Apache version is 2.4.33, and this is a hosted lamp server.
ErrorDocument 404 /file_not_found
Redirect 301 /.htaccess http://www.hhoprofessor.com/file_not_found
RewriteEngine On
RewriteBase /
# Redirect directories to file_not_found.php:
RewriteRule ^inc/(.*) file_not_found [R,L]
RewriteRule ^bak/(.*) file_not_found [R,L]
RewriteRule ^pages/(.*) file_not_found [R,L]
# require www prefix
RewriteCond %{HTTP_HOST} ^hhoprofessor\.com$ [NC]
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTPS}:s on:(s)
RewriteRule ^(.*)$ http%1://www\.hhoprofessor\.com/$1 [R=301,L]
# Homepage: / redirects to http
RewriteCond %{HTTPS} on
RewriteRule ^$ http://www\.hhoprofessor\.com/ [R=301,L]
One more datum that might apply: This is an addon domain and is in a subdir to the main domain. I've added the following line to the top of the main domain's .htaccess which is supposed to stop processing anything coming to the addon domain:
RewriteCond %{HTTP_HOST} ^(www\.)?hhoprofessor\.com$
RewriteRule ^.*$ '-' [L]
In looking through that file, I just don't see how it could be affecting this situation, even if the whole main domain .htaccess were being processed.
Can anyone see what I'm missing?
If you want to debug such behavior, the first reflex to adopt is to analyze network traffic and http headers. Thanks to that, you'd have seen that both inc and pages folders end up with a 403 (Forbidden) code. You need to change permissions on those folders (and files recursively, maybe).
bak folder test output:
inc (same for pages) folder test output:
BUT, from a SEO point of view, what you're trying to do is not good. You should only keep ErrorDocument 404 /file_not_found and remove your redirect rules. It automatically sends a 404 (Not Found) code without changing the url. Quick reminder: changing the url means redirect, in your case you send a 302 (Moved Temporarily) code instead of a 404, which is not the expected behavior.
Ok, this resolved thanks to Justin's answer. Although, I'm not sure exactly why. The file permissions and ownership across all 3 directories were identical. So, I still don't know why one worked correctly and the other 2 didn't. There was no permission or ownership problem causing a 403 status code. Dirs were 755 and files were 644.
But I tried making the permissions on all 3 of these dirs 700. After that, all redirects worked as expected. But, it's counter-intuitive. The incorrect behavior was giving the status code of 403 (forbidden). And then when I changed the permissions so that the directory was indeed forbidden, then it redirected with 302. Go figure. But it works.
By the way, I would up-vote Justin's answer more if I could. The tip to analyze the status code will help me with problems in the future. I didn't know about that one.
later edit:
I've removed all redirects and I'm only using the file permissions now. I set up the 404 and 403 documents and everything works fine. It is worthy of note that using the ErrorDocument directive causes these to be sent with a 302 code. But that should be find SEO-wise as none of these are linked anywhere. All normal pages have status code 200.

How to have two different custom error pages in .haccess?

1.
I have a .haccess file that requires you do be accessing from a certain IP address:
<RequireAll>
Require ip XX.XX.XX.XX.XX YY.YY.YY.YY.YY ZZ.ZZ.ZZ.ZZ.ZZ
</RequireAll>
If someone tries to access the website from a IP other then X, Y, or Z then they get an error 403 Forbidden page. I have customized it using the following:
ErrorDocument 403 /.forbidden.php
2.
If someone tries to access a restricted file in the same directory (even if they are from ip addresses X, Y, or Z) then again they prompted with the SAME custom 403 Forbidden page.
My Question
How can I have two different custom 403 Forbidden pages based on why they are forbidden from accessing? In example 1 the forbidden page would /.wrongip.php and in example 2 the forbidden page would /.restricted.php
If this is about the extent of what you are doing then it is fine but if you are going to be doing a lot of redirecting I would consider doing this in PHP, but I digress. You are going to have to use Apache (2.4) module mod_rewrite to rewrite rules and conditions for the IP restriction portion. I would leave your custom 403 Forbidden as is for handling the other cases of that status code. If you are on shared hosting this module is usually enabled by most hosting providers by default.
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^111.222.333.444$
RewriteRule ^(.*)$ /.wrongip.php [L]
You will likely avoid confusion if you keep rule rewrites up near the top of your .htaccess file. You only need the RewriteEngine On line once in your file. RewriteCond is one of the conditions for the rule immediately following. You could have multiple conditions mapped to a single rule (using [OR] flag; AND behavior is by default).
In this solution, the ^ character indicates the start of a string. Likewise, $ indicates the end. So, ^(.*)$ is a wildcard and would match any file accessed on your server. Preceded by a single space separator, the /.wrongip.php portion indicates your custom error page to be redirected to. [L] is the flag to indicate the Apache server should stop processing other rules once it matches that one. Use this unless you are using multiple rules to construct a single URL, otherwise you may cause yourself a headache.
There is an additional flag, [R], that I would suggest being aware of and trying to use when possible for easier use in maintaining good practice with HTTP response codes. These help with search rankings and I would recommend specifying a 403 response because by default it will throw a 302 error which can negatively effect ranking over time. Changing the rule to RewriteRule ^(.*)$ /.wrongip.php [R=403,L] would cause the Apache server to issue an HTTP redirect to the browser (to /.wrongip.php) and communicate a 403 Forbidden error in the header. Since my example has all pages redirecting to /.wrongip.php for non-whitelisted IPs, most likely even /.wrongip.php itself, I think in your specific case the [R] flag would result in an HTTP redirect loop where they would keep requesting /.wrongip.php. In this case you should omit the [R] flag, this will cause the Apache server to do an internal redirect.
Without the [R] flag, the client won't have any idea that this redirect went on (hence internal), so you should still emulate the error code in the header of your /.wrongip.php file using PHP.
I have not tested it, but I assume something like
<Directory /var/www/mysite>
ErrorDocument 403 /.restricted.php
<RequireAll>
Require ip XX.XX.XX.XX.XX YY.YY.YY.YY.YY ZZ.ZZ.ZZ.ZZ.ZZ
ErrorDocument 403 /.wrongip.php
</RequireAll>
</Directory>
could do the trick.
Have a look at
https://httpd.apache.org/docs/trunk/custom-error.html and https://httpd.apache.org/docs/trunk/mod/core.html#errordocument for more information on how such configurations work.

htaccess Help required redirecting old deleted links

I have a site (e.g. mysite.com) and old versions of the site under a directory are still appearing in search engines (e.g. mysite.com/oldsecton/something.html). There are too many of these links to remove from search engine finds.
I want everything in the /oldsection to redirect back to mysite.com/index.html
i.e. everything in the /oldsection should go to index.html located one directory path back
I have tried different variations of .htaccess inside /oldsection such as
ErrorDocument 404 ../index.html
ErrorDocument 404 mysite.com/index.html
etc...
None of them seem to be successfull.
This should be a simple task but I keep getting an Internal Server Error or a ErrorDocument error.
Inside /oldsection/.htaccess have this code:
RewriteEngine On
RewriteRule ^ /index.html [L,R=302]

Custom 404 error page is generating a 500 error

For security reasons, I am making it so that all php files generate a 404 error, then using a custom 404 error page, like so:
RewriteCond %{THE_REQUEST} \.php[\ /?].*HTTP/
RewriteRule ^.*$ - [R=404,L]
ErrorDocument 404 /error.html
Any php script I go to returns a custom 404 error page, as I would like, but below that it says:
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
But when I go to a page that actually doesn't exist (lets say http://localhost/Hello/world.html) I get the error page I want.
I'm confused, what am I doing wrong. Also, I would like to be able to use a php pagefor my custom ErrorDocument, but I'm not sure if that's possible.
You should try a redirect match:
RedirectMatch 404 ".*\.php"
This will pass the Not Found Error, and throw the appropriate ErrorDocument.

Need to specify full URL in .htaccess?

I have the following line in my .htaccess file and it works.
ErrorDocument 404 http://localhost/error.php?code=404
When I change it to either of these it doesn't work anymore (don't know which is correct):
ErrorDocument 404 error.php?code=404
ErrorDocument 404 /error.php?code=404
The .htaccess file and error.php are in the same directory. Why is this happening?
Note: I'm on Wampserver
FULL .HTACCESS FILE
RewriteEngine on
RewriteRule ^([a-z]+)$ $1.php
ErrorDocument 404 http://localhost/error.php?code=404
The reason this is not working is because of the query string.
When you don't supply a full URL to the ErrorDocument directive, Apache treats is as a local file path relative to DocumentRoot. Slightly confusingly, you do need to use the leading / even though it is technically a relative path.
Now, what you want to do is actually not as simple as it may seem on the face of it. Because you are now dealing with a local path, the query string portion no longer has a special meaning, and will be treated as a literal part of the file name - and obviously the file is not called error.php?code=404, it's just called error.php. Thankfully though, it is possible with a little bit of messing around, because ErrorDocument does generate an internal request which is passed through the standard routing engine. What we will need here is a little bit of mod_rewrite magic.
Try the following:
ErrorDocument 404 /error-404.php
RewriteEngine On
RewriteRule ^/?error-([0-9]+)\.php$ /error.php?code=$1 [L,QSA]
This assumes that your .htaccess and error.php files both reside in the DocumentRoot.
In my opinion, 404 (like 403, 502, ...) code is a HTTP code so it could be logic that the instruction ErrorDocument, which reference to HTTP process in your case, needs a http:// instruction.
Using DaveRandom's solution, I simply added the R flag to RwriteRule and it works.
Try this configuration:
ErrorDocument 404 /error-404.php
RewriteEngine On
RewriteRule ^/?error-([0-9]+)\.php$ /error.php?code=$1 [L,R,QSA]
For me it works on Apache 2.4.12

Resources