
mod rewrite and 403 Errors

internal 403 vs custom 403 errors using mod_rewrite

         

modean987

2:07 am on Aug 24, 2007 (gmt 0)

10+ Year Member



I'm having a bit of a problem with mod_rewrite and the 403 error code. It appears that when the 403 error code is invoked, it is Apache's hard-coded error message, and not my custom page.

Here are the particulars:


httpd.conf:
DocumentError ErrorCode /errors/ErrorCode.php

htaccess in documentroot:


RewriteEngine On
RewriteRule ^(403\.php¦robots\.txt)$ - [L]
RewriteBase /
RewriteCond %{REMOTE_ADDR} ^127\.0\.0\.1
#RewriteRule .* - [F,L]
RewriteRule !^403\.php$ - [F,L]

error_log says that, "Request exceeded the limit of 10 internal redirects due to probable configuration error." so I know I'm in that 403 loop I've read about.

However, I don't understand why I'm in a loop, and why Apache is displaying its internal error message instead of my custom one.


Forbidden
You don't have permission to access /home.php on this server.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

Any pointers/help would be *much* appreciated.

P.S. Why do three consecutive x's convert to #*$! on this forum?

-Al

jdMorgan

2:29 am on Aug 24, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I assume that this is "pseudo-code":
 DocumentError ErrorCode /errors/ErrorCode.php 

and that the actual httpd.conf line for a 403 reads:

 ErrorDocument 403 /errors/403.php 

Note that it must read "ErrorDocument" and not "DocumentError".

If that is the case, the following code is both redundant and incorrect. It should be either


RewriteEngine on
RewriteBase /
#
# Deny access to 127.0.0.1, except for custom 403 error page
RewriteCond %{REMOTE_ADDR} ^127\.0\.0\.1
RewriteRule !^errors/403\.php$ - [F]

-or-

RewriteEngine on
RewriteBase /
#
# Exit mod_rewrite if request for custom 403 error page or robots.txt
RewriteRule ^(errors/403\.php¦robots\.txt)$ - [L]
#
# Else deny access to 127.0.0.1
RewriteCond %{REMOTE_ADDR} ^127\.0\.0\.1
RewriteRule .* - [F]

Note that [F] implies [L] -- [F,L] is also redundant.

As to why you were looping, the reason is that the access exceptions in your code did not contain the same URL-path as defined for the custom 403 error page: The "error/" path-part was missing. Therefore, the request for the actual custom 403 error page was also being denied, so you got a loop.

Replace the broken pipe "¦" characters above with solid pipe characters before use; posting on this forum modifies the pipe characters. Posts on this forum are also filtered for character sequences which indicate objectionable words or domain names; you can use "***", "xyz", or "nnn" to indicate 'obscured' characters.

Jim

modean987

3:24 am on Aug 24, 2007 (gmt 0)

10+ Year Member



Thank you for your help, Jim. You have no idea how long I've been working on this little snippet!

You are correct in that I was using pseudo-code for the DocumentError line in httpd.conf, and that I got the command backwards. That'll teach me to be literal when I give a code example. :-)

It seems I was tripping over


RewriteRule !^errors/403\.php$ - [F]

Somewhere in all the reading, trying, re-reading, re-coding, my eyes and brain cells crossed and I dropped the directory prefix altogether. In my original attempts, I was preceding the directory with a forward slash. It seemed the logical thing to do, but obviously, it doesn't work that way. :-)

-Al

g1smd

8:37 am on Aug 24, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



The URL available to the RewriteRule has the domain and first "/" missing when in .htaccess but includes the leading "/" when in httpd.conf.

You could have left off the leading ^ to match any file named 403.php or robots.txt located in any folder.

There are always multiple ways to get the job done, but some may have flaws or unintended consequences.
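
Added example, not part of any post above and not Apache's own code: a simplified Python model of the per-directory (.htaccess) matching discussed in this thread, showing why an exception pattern that does not match the ErrorDocument path produces the 10-redirect loop. It assumes every denied request causes one internal redirect to the ErrorDocument; the rule sets use solid pipe characters, and the client addresses and the `/errors/403.php` target are constructed for illustration.

```python
import re

LIMIT = 10  # redirect limit quoted in the error_log message (LimitInternalRecursion default)

def denied(url_path, rules, client_ip):
    """True if a rule carrying F fires. Rules are (cond_regex_or_None, pattern, flags)."""
    path = url_path.lstrip("/")  # .htaccess context: the leading "/" is not in the matched path
    for cond, pattern, flags in rules:
        hit = re.search(pattern.lstrip("!"), path) is not None
        if pattern.startswith("!"):
            hit = not hit
        if not hit or (cond and not re.search(cond, client_ip)):
            continue
        if "F" in flags:
            return True
        if "L" in flags:
            return False  # "-" with [L]: leave the request alone, stop processing
    return False

def serve(url_path, rules, error_document, client_ip):
    """Simplified model: every denial redirects internally to the ErrorDocument."""
    redirects, current = 0, url_path
    while denied(current, rules, client_ip):
        if redirects == LIMIT:
            return ("loop", redirects)  # Apache gives up and shows its built-in text
        current, redirects = error_document, redirects + 1
    return ("custom-403" if redirects else "ok", redirects)

LOOPBACK = r"^127\.0\.0\.1"
# Constructed rule sets mirroring the thread, with solid pipe characters.
ORIGINAL = [(None, r"^(403\.php|robots\.txt)$", {"L"}),
            (LOOPBACK, r"!^403\.php$", {"F", "L"})]
LEADING_SLASH = [(LOOPBACK, r"!^/errors/403\.php$", {"F"})]
CORRECTED = [(None, r"^(errors/403\.php|robots\.txt)$", {"L"}),
             (LOOPBACK, r".*", {"F"})]

if __name__ == "__main__":
    for name, rules in [("original", ORIGINAL), ("leading slash", LEADING_SLASH),
                        ("corrected", CORRECTED)]:
        print(name, serve("/home.php", rules, "/errors/403.php", "127.0.0.1"))
```

The same check can be run against any rule set before deployment: if `denied()` is true for the ErrorDocument path itself, the custom page can never be served to the blocked client.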