Menu
Is there a way how I can configure the Apache web server to return a 404 (not found) error code instead of 403 (forbidden) for some specific directories which I want to disallow to be accessed?
I found some solutions suggesting the use of mod_rewrite, like e.g.
RewriteEngine On RewriteRule ^.*$ /404 [L] As the purpose of sending 404 instead of 403 is to obfuscate the directory structure, this solution is too revealing, because it redirects to some different location which makes it obvious that the directory originally accessed does in fact exist.
949
The three status codes that felt the most appropriate are: 401 - Unauthorized. 403 - Forbidden. 404 - Not Found.
HTTP 403 is an HTTP status code meaning access to the requested resource is forbidden. The server understood the request, but will not fulfill it.
RedirectMatch as in e.g.
RedirectMatch 404 /\. does the trick, it prohibits access to all files or directories starting with a dot, giving a "404 Not Found" error.
From the Apache manual: "The Redirect[Match] directive maps an old URL into a new one by asking the client to refetch the resource at the new location." By default, Redirect sends a 302 return code, but it can also return other status codes as shown above.
178
You can make something like this:
.htaccess
ErrorDocument 403 /error/404.php
404.php
<?php $status = $_SERVER['REDIRECT_STATUS'] = 404; header( $_SERVER['SERVER_PROTOCOL'] . ' ' . $status); ?> 404 Error If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
