Designed to bring up a specific error .php page when someone doesnt enter right credentials, but seems to bring up its own. Also protects all my directories regardless of which one it is placed in.
Has 777 permission.
ErrorDocument 401 Mywebsite.com/CustomError.php
AuthName "My Password Protected Site" AuthUserFile
MYwebsite.com/Folder/.htpasswd
AuthType Basic
Require valid-user
# Set REMOTE_USER env variable on 401 ErrorDocument
RewriteEngine On
RewriteBase /
RewriteCond %{ENV:REDIRECT_STATUS} ^401$
RewriteRule .* - [E=REMOTE_USER:%{ENV:REDIRECT_REMOTE_USER}]
Here's what it always says as of now:
Authorization Required
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
I used to have the spefic directories as /folder/file instead of website/folder/file but when i did that, the error page would have this line as well:
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
This line:
ErrorDocument 401 Mywebsite.com/CustomError.php
According to the documentation
URLs can begin with a slash (/) for local web-paths (relative to the DocumentRoot), or be a full URL which the client can resolve. Alternatively, a message can be provided to be displayed by the browser. Examples:
ErrorDocument 500 http://foo.example.com/cgi-bin/tester
ErrorDocument 404 /cgi-bin/bad_urls.pl
ErrorDocument 401 /subscription_info.html
ErrorDocument 403 "Sorry can't allow you access today"
Additionally, the special value default can be used to specify Apache's simple hardcoded message. While not required under normal circumstances, default will restore Apache's simple hardcoded message for configurations that would otherwise inherit an existing ErrorDocument.
ErrorDocument 404 /cgi-bin/bad_urls.pl
<Directory /web/docs>
ErrorDocument 404 default
</Directory>
So you can't have Mywebsite.com/CustomError.php as the second parameter, it's got to be a full URL starting with http://, an absolute path that starts with a /, or a message. You can't have relative paths as the second parameter.
Related
I have a few folders such as php_includes templates and a few others and I am adding a .htaccess file for them all. So far what I have works if the user trys to directly access the file in the address bar, but I'd rather it send it to a 404 page.
IndexIgnore *
# no one gets in here!
deny from all
#error 404
ErrorDocument 404 /error/404.html
Is there something wrong with my .htaccess All I feel like is happening is the deny from all is taking over so the 404 won't work directly. Though I've tried this with a different .htaccess file for the main site, and the 404 isn't working in there either.
Same ErrorDocument as the others but here is how my directory is set up
-.htaccess
--public_html
--error
--404.html
--admin
So maybe I am either getting the ErrorDocument incorrect for my .htaccess that or I have the path directory incorrect. Can someone please explain what the issue here is?
note I am using 000webhost if that matters sometimes I see them doing some silly stuff, and this is just a testing server.
Since you are using deny directive it sends error code 403.
Declare your custom handler for 403:
ErrorDocument 403 /error/404.html
The deny from all directive will generate a 403 error.
So just do this
ErrorDocument 403 /error/404.html
I have a .htaccess file in the root directory and also 404.php file there. Content of my .htaccess file is:
ErrorDocument 404 /404.php
But when I am mis-spelling my url, 404.php is not opening. Instead I am getting following message:
Not Found
The requested URL /mywebsite/ites.php was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to
use an ErrorDocument to handle the request.
But when I tried ErrorDocument 404 google.com, it worked.
I'll consolidate my comments to this answer:
When setting ...
ErrorDocument 404 /404.php
the /404.php path may not be the absolute path to your htdocs folder root but instead the root of your filesystem. This may be, based on your configuration, e.g. /home/htdocs/ or ~ and so on.
So what one need to do is find out the absolute path and set it accordingly.
Where is your 404.php actually located in relation to your .htaccess file? Can you simply run it as a direct URL? Is the file readable by the server? Or is it in a nested subdirectory? You can also try the full URL as well:
ErrorDocument 404 http://mygreat.server/404.php
Full details in the official Apache documentation here.
You use ErrorDocument like so:
ErrorDocument <3-digit-code> <action>
The <3-digit-code> is a HTTP response status code (eg. "404").
And you have three types of <action> that are triggered by what you type:
If the action begins with a "/": A local path to redirect to.
If the action is a valid URL: An external URL to redirect to.
If neither of the above: Text to be displayed. (The text must be wrapped in quotes (" ") if it consists of more than one word.)
For example:
Local path:
ErrorDocument 404 /local/path/to/404.php
External URL:
ErrorDocument 404 http://external_url.example.com/server_error.html
Custom text:
ErrorDocument 404 "Oops! We can't find that pesky file. Sorry."
You've chosen a local path, but are probably not pointing correctly to the file from the server's perspective. Note that local server paths are not what you see in your URL, and often include things like ~/htdocs/www/domainname/.
The problem is most likely that your path to 404.php is wrong, and cannot be found by your server.
I have the directory structure
folder
↳file1(public access)
↳file2(require password)
When I put the following in the .htaccess:
AuthType Basic
AuthName "asdf"
AuthUserFile path/to/.htpasswd
<Files file2>
require user asdf
</Files>
A non-logged in view shows this structure:
folder
↳file1(public access)
How do I provide the non logged in user visibility to file2 so that they know that the file is in fact there, but may have to log in?
In this simple case, I believe you can employ IndexOptions ShowForbidden.
If you get more complicated (like an auth covered directory or you want to show some forbidden but hide the rest), you'll have to resort to other methods (eg, generate your own index then show it, like in #Fred-ii- answer).
In addition to an already given answer (a good option), you can place this in your .htaccess file
ErrorDocument 401 error401.htm
and create a page called error401.htm with anything you want inside it.
That, being in the root of your server.
Use something like:
ErrorDocument 401 /folder/error401.htm
if placed in a different folder.
It could also be 403 depending how you set it up.
The complete list of ErrorDocument(s) are:
400 - Bad request
401 - Authorization Required
403 - Forbidden directory
404 - Page not found
500 - Internal Server Error
Of course, you can use .php as the preferred file extension and I'm leaning more towards using a 403 which is for Forbidden directory
Footnotes:
In some cases, you may need to use a full http:// call:
ErrorDocument 401 http://www.example.com/error401.htm
How do I do this in my .htaccess file for a specific directory in my document root?:
deny all access to anything (including the .htaccess too)
return a 404, not a 403 error
no files or subdirectories should be accessible or detected by humans or bots
only php access by the local host would be allowed
Seems like it would be simple. This works but throws a 403 not a 404:
deny from all
Why not create a custom error page?
deny from all
ErrorDocument 403 /error/404.html
The server will always want to throw a 403 error if someone is not authorized to view the page and that's what you're trying to do. However, you can change the ErrorDocument for error 403 to show an HTML page that says it's a 404 error.
My example has a folder in the root directory named error and an html file in it named 404.html.
Have you tried something like this? This will force a 403 Forbidden error when someone tries to view anything in DIRECTORY. PHP scripts can still access everything inside the directory. Obviously replace DIRECTORY with your preferred directory.
RewriteRule ^DIRECTORY - [F]
I do not like sending some html page that says it's a 404 error when really it is just an html page that may as well be located at Iamafake404error.html
You might try this instead:
Order Deny,Allow
Deny from all
Allow from 1.2.3.4
ErrorDocument 403 /throwaREAL404error.html
ErrorDocument 404 /throwaREAL404error.html
ErrorDocument 500 /throwaREAL404error.html
### never deliver .git folders, .gitIgnore
RewriteRule ^(.*/)?\throwaREAL404error.html+ - [R=404,L]
# 2nd line of defense (if no mod_rewrite)
RedirectMatch 404 ^(.*/)?\throwaREAL404error+
https://serverfault.com/a/510951/194845
I want to take requests for missing files in a specific folder and redirect them to program.php in that folder.
This is a program I will use a lot in different places, and I would prefer to avoid specifying the name of the folder in the htaccess file.
I have tried just putting:
errordocument 404 program.php
but the result is that the browser just prints out "program.php" and doesn't execute program.php.
I understand why this is happening: based on the documentation at http://httpd.apache.org/docs/2.0/mod/core.html, url's that don't begin with a slash or http are interpreted as a text message.
The question is how to get around this limitation to be able to access the same folder.
I ended up using rewriterule instead of errordocument:
rewriteengine on
rewritecond %{request_filename} !-f
rewriterule ^(.+).jpg$ program.php?i=$1.jpg [L]
The second line verifies that the file does not exist, so that existing images will be shown correctly.
You want:
ErrorDocument 404 /program.php
According to the docs, "URLs can begin with a slash (/) for local web-paths (relative to the DocumentRoot)."
Have you tried a (relative or absolute) path?
If you make it relative, it should be to the web root, which might server your purpose.
ErrorDocument 404 /program.php
If you have only a small number of folders, you can probably use:
<Directory /path/a>
ErrorDocument 404 /a/program.php
</Directory>
<Directory /path/b>
ErrorDocument 404 /b/program.php
</Directory>
<Directory /path/c>
ErrorDocument 404 /c/program.php
</Directory>
If that is impractical, then you should only have one program.php in the root and have it respond differently depending on the contents of the REDIRECT_URL environment variable, which is $_SERVER['REDIRECT_URL'] in php.
Why not have one ErrorDocument handle all the errors in all the folders? Might be much cleaner that way. You could then handle the individual case using $_SERVER["REQUEST_URI"] which should contain the original request if I remember correctly.
How about this. In your root path, you set up a generic error.php file. However, all it does is parse the REQUEST_URI, check the path, see whether there is a custom error.php there, and include that. Could work, huh?