Problem redirecting 403 Forbidden to 404 Not Found
Solution 1
I can understand why the /include isn't caught by your RedirectMatch: you aren't making the end '/' optional. However, the /include/config.inc part is a bit on the puzzling side.
Here is what I got to work on Apache 2.2:
<FilesMatch /include(/?|/.*)>
Order allow,deny
Deny from all
</FilesMatch>
RedirectMatch 404 ^/include(/?|/.*)$
This handles these cases:
/include 404
/include/ 404
/include/config.inc 404
I had to change the FilesMatch part in order for the /include part to work properly.
EDIT:
The match line also works without the <FilesMatch> section in .htaccess and gives the expected results.
Solution 2
Another possibility is not to bother matching the whole path:
RedirectMatch 404 ^/include
If there are publicly visible URL paths that might start with "/include" (say, "/includeMe"), a small addition will separate the private from the public URLs:
RedirectMatch 404 ^/include(/|$)
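The RedirectMatch patterns quoted in the question and in Solutions 1, 2 and 4 can be compared side by side. This is an added example, not code from any of the answers. The path lists are constructed from paths mentioned on this page, and it assumes Python's `re` treats these simple patterns the same way Apache's regex engine does. It checks regex coverage only; another directive (such as a `<FilesMatch>` deny) can still produce a 403 for a path the regex matches.

```python
import re

# RedirectMatch patterns quoted on this page, keyed by where they appear.
PATTERNS = {
    "question": r"^/include(/.*)$",
    "solution 1": r"^/include(/?|/.*)$",
    "solution 2a": r"^/include",
    "solution 2b": r"^/include(/|$)",
    "solution 4": r"^/include(/.*)?$",
}

# Constructed sample URL paths, all taken from the page's own examples:
# the three test cases, /include/.htaccess from a comment, and
# Solution 2's public "/includeMe".
PRIVATE = ["/include", "/include/", "/include/config.inc", "/include/.htaccess"]
PUBLIC = ["/includeMe", "/index.php"]


def audit(pattern, private=PRIVATE, public=PUBLIC):
    """Return (missed, overmatched) for one RedirectMatch regex.

    missed: private paths the regex does not match, so the request falls
            through to whatever else applies (for example a Deny and a 403,
            which reveals that the path exists).
    overmatched: public paths the regex would also turn into 404.
    """
    rx = re.compile(pattern)
    # Every pattern here anchors itself with ^, so search() on the URL path
    # mirrors how the directive is applied (assumption: PCRE-compatible).
    missed = [p for p in private if not rx.search(p)]
    overmatched = [p for p in public if rx.search(p)]
    return missed, overmatched


def report():
    """Audit every pattern and return {name: (missed, overmatched)}."""
    return {name: audit(pattern) for name, pattern in PATTERNS.items()}


if __name__ == "__main__":
    for name, (missed, over) in report().items():
        print(f"{name:12} {PATTERNS[name]:22} missed={missed} overmatched={over}")
```
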
Solution 3
With rewrite mod:
RewriteEngine on
RewriteCond %{THE_REQUEST} ^.*/\.
RewriteRule ^(.*)$ - [R=404]
Every file or dir that begins with a dot will be redirected to 404.
/myDir/.svn => 404
/.gitignore => 404
/dir1/dir2_dir3/
Or, to change all 403 and 400 errors into 404 errors, put this at the end of /etc/apache2/conf.d/localized-error-pages OR into a .htaccess:
# Will raise a 404 error, because the file <fake_file_for_apache_404.php> doesn't exist.
# We change 403 or 400 to 404 !
ErrorDocument 400 /fake_file_for_apache_404.php
ErrorDocument 403 /fake_file_for_apache_404.php
# We need to rewrite 404 error, else we will have "fake_file_for_apache_404.php not found"
ErrorDocument 404 "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL <script type=\"text/javascript\">document.write(document.location.pathname);</script> was not found on this server.</p></body></html>"
ErrorDocument 500 "Server in update. Please come back later."
Solution 4
Don't you want '^/include(/.*)?$'?
This part is a guess, but what would happen if you put the RedirectMatch above the block? That way you wouldn't be denying (forbidding) access to a request before you redirect that request to 404.
Kevin Loney
Updated on June 24, 2020
Comments
-
Kevin Loney almost 4 years
The pertinent part of my .htaccess looks like this:
Options -Indexes
<FilesMatch include>
Order allow,deny
Deny from all
</FilesMatch>
RedirectMatch 404 ^/include(/.*)$
And it's generating the following responses:
- /include 403
- /include/ 404
- /include/config.inc 403
I can tell by looking at my pattern that the problem is likely in the (/.*) part, but everything I have tried gives me the same results; instead of consistently getting 404, I get a 404 for the one case and 403 for everything else. What is wrong with the expression I'm using? Alternatively, since I have to do this for a few directories, is there a blanket approach that would allow me to convert all 403 responses to 404?
UPDATE: I've found that by removing the FilesMatch I get better results, so my .htaccess now looks like this:
Options -Indexes
# Added dlamblin's first suggestion
RedirectMatch 404 ^/include(/.*)?$
And generates the following responses:
- /include 404
- /include/ 404
- /include/config.inc 403
UPDATE: Interestingly enough I have discovered that the following produces different output:
RedirectMatch 404 ^/include(/?|/.*)$
RedirectMatch 404 ^/template(/?|/.*)$
The template pattern works on all cases; however, include is still generating 403 for all files in include (e.g. /include/config.inc). Could this be an issue with the directory name and not a problem with the .htaccess file itself?
UPDATE: The following in my .htaccess was conflicting with redirect when accessing /include/config.inc.
<FilesMatch config>
Order allow,deny
Deny from all
</FilesMatch>
-
Kevin Loney about 15 years
There has to be something else causing the problem because using this /include/config.inc still generates a 403. I'm going to do some digging in my httpd.conf and see if something there is interfering.
-
Frank Nocke over 8 years
What would be wrong about
RewriteRule ^/include(/?|/.*)$ - [R=404,NC,L]
?
-
Awaaaaarghhh about 4 years
@bryan-rehbein it doesn't work for "include/.php" and "include/.htaccess", it returns 403 instead of 404