• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 356
  • Last Modified:

This Page Cannot Be Displayed instead of 403 for mod_access directive

Hello,

The following returns "403 Forbidden" unless you have the correct env.
         Order Deny, Allow
         Deny from all
         Allow from env=let_me_in

I don't want a "403 Forbidden" -- instead I want "This Page Cannot Be Displayed" unless you have the correct env.  The same error you would get if the server was offline.  Can this be done from .htaccess or httpd.conf?


0
hankknight
Asked:
hankknight
  • 3
  • 2
2 Solutions
 
giltjrCommented:
Possibily.  IE allows you to configure it for friendly messages.  If IE is configured for friendly messages, then it will ignore any custom error message you create.

You can visit:

http://www.4webhelp.net/tutorials/misc/errors.php
http://www.codestyle.org/sitemanager/apache/errors-403.shtml

or any other site you find searching for custom apache errors

The basic is that you add:

     ErrorDocument 403 /error-docs/403.html

in your .htaccess file.  Then you create your custom error page in that file in that directory.  The path can be anyplace you want.
0
 
hankknightAuthor Commented:
Thank you, but that does not answer my question.  My question is how to avoid sending out a 403 header and instead not to send back ANYTHING at all.
0
 
giltjrCommented:
The only way I am aware of is to modify the source code of Apache to not respond.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
samriCommented:
just to elaborate what has been mentioned by giltr:

The error code are very much the standard - http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

403 Forbidden
404 Not Found

since in this case the client that does not had the env var "let-me-in" configured -- the server would throw a 403 error.

http://httpd.apache.org/docs/2.2/mod/core.html#errordocument

a trick -- which I never tested :) is to "redefine" 403 -- to any of this option.

   1.  output a simple hardcoded error message
   2. output a customized message
   3. redirect to a local URL-path to handle the problem/error
   4. redirect to an external URL to handle the problem/error

since you insist on 404 error to be returned, you could redifined to a resources that is not protected (by the access control that you defined earlier), and make sure that particular page does not exist.  Thus, client may get a 404 (Not Found).

i hope this may work :)

cheers.


0
 
samriCommented:
i had tried to catch 401 error, and redirect to a page that does not exist.  however, the server still sends 401 error, together with a 404 (since the redirected page does not exist).

I am not sure if this satisfy you.

==quote from  http://httpd.apache.org/docs/2.2/mod/core.html#errordocument

ErrorDocument Directive
Description:      What the server will return to the client in case of an error
Syntax:      ErrorDocument error-code document
Context:      server config, virtual host, directory, .htaccess
Override:      FileInfo
Status:      Core
Module:      core
Compatibility:      Quoting syntax for text messages is different in Apache 2.0
0
 
samriCommented:
check this page out -- that may be possible : http://httpd.apache.org/docs/2.2/custom-error.html

basically, just catch the 403 error using ErrorDocument and redirect it to a cgi script that throw a 404 response to the client.

give it a shot.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now