hankknight
asked on
This Page Cannot Be Displayed instead of 403 for mod_access directive
Hello,
The following returns "403 Forbidden" unless you have the correct env.
Order Deny, Allow
Deny from all
Allow from env=let_me_in
I don't want a "403 Forbidden" -- instead I want "This Page Cannot Be Displayed" unless you have the correct env. The same error you would get if the server was offline. Can this be done from .htaccess or httpd.conf?
The following returns "403 Forbidden" unless you have the correct env.
Order Deny, Allow
Deny from all
Allow from env=let_me_in
I don't want a "403 Forbidden" -- instead I want "This Page Cannot Be Displayed" unless you have the correct env. The same error you would get if the server was offline. Can this be done from .htaccess or httpd.conf?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The only way I am aware of is to modify the source code of Apache to not respond.
just to elaborate what has been mentioned by giltr:
The error code are very much the standard - http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
403 Forbidden
404 Not Found
since in this case the client that does not had the env var "let-me-in" configured -- the server would throw a 403 error.
http://httpd.apache.org/docs/2.2/mod/core.html#errordocument
a trick -- which I never tested :) is to "redefine" 403 -- to any of this option.
1. output a simple hardcoded error message
2. output a customized message
3. redirect to a local URL-path to handle the problem/error
4. redirect to an external URL to handle the problem/error
since you insist on 404 error to be returned, you could redifined to a resources that is not protected (by the access control that you defined earlier), and make sure that particular page does not exist. Thus, client may get a 404 (Not Found).
i hope this may work :)
cheers.
The error code are very much the standard - http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
403 Forbidden
404 Not Found
since in this case the client that does not had the env var "let-me-in" configured -- the server would throw a 403 error.
http://httpd.apache.org/docs/2.2/mod/core.html#errordocument
a trick -- which I never tested :) is to "redefine" 403 -- to any of this option.
1. output a simple hardcoded error message
2. output a customized message
3. redirect to a local URL-path to handle the problem/error
4. redirect to an external URL to handle the problem/error
since you insist on 404 error to be returned, you could redifined to a resources that is not protected (by the access control that you defined earlier), and make sure that particular page does not exist. Thus, client may get a 404 (Not Found).
i hope this may work :)
cheers.
i had tried to catch 401 error, and redirect to a page that does not exist. however, the server still sends 401 error, together with a 404 (since the redirected page does not exist).
I am not sure if this satisfy you.
==quote from http://httpd.apache.org/docs/2.2/mod/core.html#errordocument
ErrorDocument Directive
Description: What the server will return to the client in case of an error
Syntax: ErrorDocument error-code document
Context: server config, virtual host, directory, .htaccess
Override: FileInfo
Status: Core
Module: core
Compatibility: Quoting syntax for text messages is different in Apache 2.0
I am not sure if this satisfy you.
==quote from http://httpd.apache.org/docs/2.2/mod/core.html#errordocument
ErrorDocument Directive
Description: What the server will return to the client in case of an error
Syntax: ErrorDocument error-code document
Context: server config, virtual host, directory, .htaccess
Override: FileInfo
Status: Core
Module: core
Compatibility: Quoting syntax for text messages is different in Apache 2.0
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER