htaccess Customized 403 Forbidden page not always working
I have a custom 403 page that works when I want to block specific pages, but it doesn't work when I want to match a specific HTTP_REFERER.
With the specific HTTP_REFERER I get the regular 403, To test the HTTP_REFERER I added a link on another site "mysite.com" towards this project, when I click on the link I get the server 403 response:
But I open my test page "forbidden-test" I do get my customized forbidden.php page
This is what I have in the htaccess, form the following example only RewriteRule ^forbidden-test$ - [F] works by showing my customized 403 page:
Options All -Indexes
# prevent folder listing
IndexIgnore *
RewriteEngine on
RewriteCond %{HTTP_REFERER} \
... (there are many here)
mysite\.com|\
[L,NC]
RewriteRule .* - [F]
#spam blacklist end
RewriteCond %{HTTP_USER_AGENT} \
12soso|\
192\.comagent|\
1noonbot|\
1on1searchbot|\
3de\_search2|\
3d\_search|\
3g\ bot|\
... (there are many here)
zyte\
[NC]
RewriteRule .* - [F]
#bad bots end
#Forbidden Test
RewriteRule ^forbidden-test$ - [F]
#ERRORS
RewriteRule ^forbidden/?$ forbidden.php [L,QSA]
ErrorDocument 403 /forbidden
Any thoughts? Thanks
Pay attention to what that default error message is actually saying:
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Access to your custom error document is blocked. The internal request for that, goes through all of the rewriting again; and because the referrer of the original request is (still) wrong, access to your 403 document is forbidden now.
You need to add an exception to this referrer check, so that it allows access to your error document.
Easiest way here is probably to just put a rule at the very top, to do nothing, when this particular document is requested:
RewriteRule ^forbidden\.php$ - [L]
The - is a “non-rewrite”, it simply does nothing. The [L] flag is important here, to say “don’t process any other rules in this round.”
Also, since your error document seems to be a PHP script, you should define it like this directly,
ErrorDocument 403 /forbidden.php
Otherwise, this needs an extra round of rewriting, from /forbidden to /forbidden.php, and there is really no good reason for that.
- Installing Tensorflow 1.9 offline and manually
- How can I have a permanent status line showing the name of the current file?
- Is it okay to use custom defaultProps in function?
- Implement counting variable with lambda expression java
- Visual Studio 2015 Git "Failed to start the configured compare tool."
- How to solve error HE0004: Could not load the framework 'ContentDeliveryServices' in Visual Studio 2022
- Is it possible to place a macro in a namespace in c++?
- Gitlab CICD: use functions inside gitlab-ci.yml
- Angular2 set value for formGroup
- Setting min date in jQuery datepicker
- ERR_CONTENT_LENGTH_MISMATCH on nginx and proxy on Chrome when loading large files
- What is the `𝜋thon` executable?
- Get hosted zone for cloudfront distribution
- Pushing result from promise.all into an array
- How to group combined AND with OR statements using the Sequel GEM in Ruby?
- Why are there backslashes before keywords in this Bash function?
- AttributeError: module 'builtins' has no attribute 'interpreter'
- How do you bill your web services?
- Azure Monitor unable to read Data Factory Self Hosted IntegrationRuntime (SHIR) metrics
- PAYEE_NOT_ENABLED_FOR_CARD_PROCESSING - Error when creating an order with payment information to be processed with Paypal
- CSS native variables not working in media queries
- JQuery ajax call default timeout value
- recursively use scp but excluding some folders
- How do I customize text color in IPython?
- how to use sass using in vuejs3/vite
- Docker login on ECR fails with 400 Bad Request on Powershell from Jenkins
- Linux as Build Target on Delphi FMX
- Extending OCaml Module
- Is there a Numpy method or function to split an array of uint64 into two arrays of uint32
- Kill already in use binding tcp connection