Custom 403 Error page not showing

I want to restrict access to certain folders (includes, xml and logs for example) and so I've given them 700 permissions, and all files within them 600 permissions. Firstly, is this the right approach to restrict access?

I have a .htaccess file in my root that handles rewriting and error documents. There are two pages in the root - 403.php and 404.php - for 403 and 404 errors. And I have these rules added to my .htaccess file:

ErrorDocument 404 /404.php
ErrorDocument 403 /403.php

Now, the 404 page works just fine. The 403 page does not show when I try to access the 'includes' folder - I get the standard apache 403 error page instead, saying 'Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.'

However, when I try going to the .htaccess file (in the web root) in my browser, I get my custom 403 error page. Why is this happening?

There is only one .htaccess file, and that's in the root directory. I don't have access to httpd.conf as this is on a shared hosting server. I'm not sure how to access the logs - when I attempt to open the 'http' folder within the logs folder in my ftp client, I get Failed to retrieve directory listing

Ah, that's because /var/log/httpd usually has restrictive permissions in most distros because it's a security issue to have it writable. You will need to get a shell account with appropriate privileges on your server if you want to be an effective sysadmin.

I've made the user a shell user, but no cigar. I assume there are some permissions somewhere that I've missed? Is there no way to debug this without accessing those logs?

You also need "sudo" permission for your shell account. The command sudo -s will change you to the root user which will allow you to see that directory. It will also allow you to do anything at all, including deleting the entire server, so double check what you're typing when you are the root user.

Thanks for the help. My error.log has this line: [Fri Nov 18 02:31:36 2011] [crit] [client 117.202.97.45] (13)Permission denied: /home/adorups/adorups.com/includes/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable - I take it apache is searching for a htaccess file within the includes directory, but can't find it because of the file permissions? What can I do about this?

Yes, that is correct. Try chmod +rx includes/ to make that directory readable by all users (which will include the Apache user.) The +x permission allows you to cd into that directory as well as read it and may not be necessary for Apache. +x on files allows you to execute them. You can use more restrictive permissions that achieve the same effect depending on which user and group owns the directory. Probably a good time to read up on Unix File Permissions.

Ah, I do know the basics of file permissions (or so I think). I made the includes directory permissions 700 so that only the local server could cd into it to access php files - this is how I'd like it to be. My confusion lies here - does the includes directory have to be executable by any user for this .htaccess problem to go away? If it's executable by the server (so that the server can check for a .htaccess file in it) isn't that enough?

It needs to be readable (and maybe executable) by the user Apache runs as. If the owner of the directory is different from the user that Apache runs as, you will either need to add group-read permission (g+r) and make the group the same as Apache or make it world-readable so that any user can read it.

The owner and apache user are the same. To make the folder world readable would defeat the purpose. Does this mean I need to make it world readable and deny access by some other method? (say through a .htaccess file instead of file permissions)

let us continue this discussion in chat