If you don't have complex conditions and you're running the recommended version of apache (2.2), use a simple Redirect directive (mod_alias)

Redirect 403 /URL-path/to/deny

If you cannot avoid using mod_rewrite, use the

[F]

flag or, if you're on 2.2,

[R=403]

(or F which is a macro for R=403 there).

I have a requirement where if incoming request doesn’t contain cookie named “SecuityFlag” then user should be forbidden from accessing HTML files.I am new to Apache and I got following code by googling and R&D.

<FilesMatch "\.(html)$">
RewriteEngine on
Rewritecond %{http_cookie} !^.* SecuityFlag *
RewriteRule ^(.*)$ www.google.com
</FilesMatch>

This code work fine but it has following two problems
(1)On RewriteRule I want to throw 403
(2)Currently RewriteRule only able to forward request to external URL like www.google.com. Instead of that if I try to forward to \error.html, it throws 400 error.

Please review my above code and let me what changes I need to do.

RewriteEngine on
RewriteCond %{HTTP_COOKIE} !SecuityFlag
RewriteCond %{REQUEST_URI} !^/[i]path-to-403-error-document.html[/i]$
RewriteRule \.html$ - [F]

Eliminated redundant pattern anchoring, added loop-stopper RewriteCond for use in .htaccess or config <Directory> section, made rule pattern more specific to eliminate redundant <FilesMatch>.

Note spelling of "SecuityFlag" as in your post above. Is that supposed to be "SecurityFlag?"

Jim

Thanks Jim! I applied this solutions and it’s working fine.

I have another requirement where I need to exempt around 10 HTML pages from this RewriteRule. In future, I may like to add some more files in exempted list. How to achieve this? Can I provide a file which contain list if URLs/files to be exempted?

Following is my actual code, what I need to add?

RewriteEngine on
RewriteCond %{HTTP_COOKIE} !JSESSIONID
RewriteRule \.html$ - [F]

Add ten more RewriteConds, then:

RewriteCond %{REQUEST_URI} !^/exempt1\.html$
.
.
.
RewriteCond %{REQUEST_URI} !^/exempt10\.html$

Jim

Thanks Jim!