.htaccess deny all, including the htaccess file and display 404 - how do I do it?
Solution 1
Why not create a custom error page?
deny from all
ErrorDocument 403 /error/404.html
The server will always want to throw a 403 error if someone is not authorized to view the page and that's what you're trying to do. However, you can change the ErrorDocument for error 403 to show an HTML page that says it's a 404 error.
My example has a folder in the root directory named error and an html file in it named 404.html.
Solution 2
Have you tried something like this? This will force a 403 Forbidden error when someone tries to view anything in DIRECTORY. PHP scripts can still access everything inside the directory. Obviously replace DIRECTORY with your preferred directory.
RewriteRule ^DIRECTORY - [F]
Solution 3
I do not like sending some html page that says it's a 404 error when really it is just an html page that may as well be located at Iamafake404error.html
You might try this instead:
Order Deny,Allow
Deny from all
Allow from 1.2.3.4
ErrorDocument 403 /throwaREAL404error.html
ErrorDocument 404 /throwaREAL404error.html
ErrorDocument 500 /throwaREAL404error.html
### never deliver .git folders, .gitIgnore
RewriteRule ^(.*/)?\throwaREAL404error.html+ - [R=404,L]
# 2nd line of defense (if no mod_rewrite)
RedirectMatch 404 ^(.*/)?\throwaREAL404error+
https://serverfault.com/a/510951/194845
Inator
Updated on June 05, 2022Comments
-
Inator almost 2 years
How do I do this in my .htaccess file for a specific directory in my document root?:
- deny all access to anything (including the .htaccess too)
- return a 404, not a 403 error
- no files or subdirectories should be accessible or detected by humans or bots
- only php access by the local host would be allowed
Seems like it would be simple. This works but throws a 403 not a 404:
deny from all