Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Apache - Require all denied HTTP status code

I am using Apache 2.4 and I am blocking an access to a specific sub-domain for everyone except one IP address.

.htaccess:

Require all denied
Require ip 111.222.333.444

This returns an "403 Forbidden" status code.

How can I make it return "404 Not Found"?

No-one from outside should know about the existence of this sub-domain. So, from external point of view, I would like to make it "invisible". Thus, everyone who goes to that domain, will receive 404 as if it does not exist.

Is it possible?

like image 779
darxysaq Avatar asked Sep 02 '25 08:09

darxysaq


1 Answers

You can use a RewriteRule:

RewriteCond %{REMOTE_ADDR} !^111.222.333.444$
RewriteRule ^ - [R=404,L]

However, this doesn't really hide the fact a sub-domain exists. It returns a page not found, which is not the same thing. Presumably your subdomain still has a DNS entry, so it can be looked up.

I would also question the need to do this, 403 exists for a reason and I can't see why not to return it. Whether or not you return a 403 or a 404, the site still exists so I don't know what you're trying to achieve. No method would be enough to deter a determined hacker, and it's probably a safer method to deny an ip at server level rather than trying to obfuscate via http redirects.

like image 179
arco444 Avatar answered Sep 04 '25 23:09

arco444