Problem redirecting 403 Forbidden to 404 Not Found

apache .htaccess mod-rewrite http-status-code-404 http-status-code-403
34,911

Solution 1

I can understand why the /include isn't caught by your RedirectMatch, you aren't making the end '/' optional, however the /include/config.inc part is a bit on the puzzling side.

Here is what I got to work on Apache 2.2:

<FilesMatch /include(/?|/.*)>
    Order allow,deny
    Deny from all
</FilesMatch>

RedirectMatch 404 ^/include(/?|/.*)$

This handles these cases:

/include 404
/include/ 404
/include/config.inc 404

I had to change the FilesMatch part in order for the /include part to work properly.

EDIT:

The match line also works without the <FilesMatch> section in .htaccess and gives the expected results.

Solution 2

Another possibility is not to bother matching the whole path:

RedirectMatch 404 ^/include

If there are publicly visible URL paths that might start with "/include" (say, "/includeMe"), a small addition will separate the private from the public URLs:

RedirectMatch 404 ^/include(/|$)

Solution 3

With rewrite mod:

RewriteEngine on

RewriteCond %{THE_REQUEST} ^.*/\.
RewriteRule ^(.*)$ - [R=404]

Every file or dir who begin with a dot will be redirected to 404.

/myDir/.svn => 404
/.gitignore => 404
/dir1/dir2_dir3/

Or to change all 403,400 errors into 404 errors, put this at the end of /etc/apache2/conf.d/localized-error-pages OR into a .htaccess

# Will raise a 404 error, because the file <fake_file_for_apache_404.php> doesn't exist.
# We change 403 or 400 to 404 !
ErrorDocument 400 /fake_file_for_apache_404.php
ErrorDocument 403 /fake_file_for_apache_404.php
# We need to rewrite 404 error, else we will have "fake_file_for_apache_404.php not found"
ErrorDocument 404 "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL <script type=\"text/javascript\">document.write(document.location.pathname);</script> was not found on this server.</p></body></html>"
ErrorDocument 500 "Server in update. Please comme back later."

Solution 4

Don't you want '^/include(/.*)?$'

This part is a guess, but what would happen if you put the RedirectMatch above the block. That way you wouldn't by denying (forbidding) access to a request before you redirect that request to 404.

Share:
34,911
Kevin Loney
Author by

Kevin Loney

Updated on June 24, 2020

Comments

  • Kevin Loney
    Kevin Loney almost 4 years

    The pertinent part of my .htaccess looks like this:

    Options -Indexes
<FilesMatch include>
    Order allow,deny
    Deny from all
</FilesMatch>
RedirectMatch 404 ^/include(/.*)$

    And it's generating the following responses:

    • /include 403
    • /include/ 404
    • /include/config.inc 403

    I can tell by looking at my pattern that problem is likely in the (/.*) part but everything I have tried gives me the same results; instead of consistently getting 404 I get a 404 for the one case and 403 for everything else. What is wrong with the expression I'm using? Alternatively since I have to do this for a few directories is there a blanket approach that would allow me to convert all 403 responses to 404?

    UPDATE: I've found that by removing the FileMatch I get better results, so my .htaccess now looks like this:

    Options -Indexes
RedirectMatch 404 ^/include(/.*)?$ # Added dlamblin's first suggestion

    And generates the following responses:

    • /include 404
    • /include/ 404
    • /include/config.inc 403

    UPDATE: Interestingly enough I have discovered that the following produces different output:

    RedirectMatch 404 ^/include(/?|/.*)$
RedirectMatch 404 ^/template(/?|/.*)$

    The template pattern works on all cases however include is still generating 403 for all files in include (e.g. /include/config.inc) Could this be an issue with the directory name and not a problem with the .htaccess file itself?

    UPDATE: The following in my .htaccess was conflicting with redirect when accessing /include/config.inc.

    <FilesMatch config>
    Order allow,deny
    Deny from all
</FilesMatch>
  • Kevin Loney
    Kevin Loney about 15 years
    There has to be something else causing the problem because using this /include/config.inc still generates a 403. I'm going to do some digging in my httpd.conf and see if something there is interfering.
  • Frank Nocke
    Frank Nocke over 8 years
    What would be wrong about RewriteRule ^/include(/?|/.*)$ - [R=404,NC,L] ?
  • Awaaaaarghhh
    Awaaaaarghhh about 4 years
    @bryan-rehbein it doesn't work for "include/.php" and "include/.htaccess", it returns 403 instead of 404

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Redirect all Apache 2.2 403 Forbidden to 404 Not Found
Is there a way to force apache to return 404 instead of 403?
.htaccess in Subfolder not working
Apache .htaccess to redirect index.html to root, why FollowSymlinks and RewriteBase?
Mod_rewrite on WAMP 2.4
URL Rewriting on Localhost? Apache PHP
.htaccess file not working on Ubuntu 14.04 with apache2
RewriteCond not working on force https for HTTP_HOST
only default permalinks working wordpress others become 404 error
CodeIgniter .htaccess index.php rewrite not working on user directory