Securing the httpd: Return 404 instead of 403 with mod rewrite

         

mlnzigzag

7:17 pm on Nov 4, 2010 (gmt 0)

10+ Year Member



Hi people, I'm basically a noob of mod rewrite.

I would like to write a rule that matches any 403 error and rewrites it as a 404.

I'm already able to do that for a specific directory with such a rule:

RewriteRule ^/WebSite/img$ /error/404_403.php
RewriteRule ^/WebSite/img/$ /error/404_403.php



/error/404_403.php is purposely a non-existent file.

That rule will return a 404 instead of the 403 Forbidden for the existing directory.

As you can see, I had to write two rules, with and without the ending /, to handle both cases.

What I would like to write is one global rule that rewrites any 403 Forbidden to a 404 Not Found.

Please note that it is not enough to serve custom error pages, such as:

ErrorDocument 403 /error/404_403.php
ErrorDocument 404 /error/404_403.php


with an existing and proper 404 error page, as with the appropriate curl flags (and with many other tools) a remote attacker will still be able to see the true HTTP response, which will still be 403:


< HTTP/1.1 403 Forbidden
< Date: Thu, 04 Nov 2010 14:42:52 GMT
< Server: Apache/2.2.8 (CentOS)
< X-Powered-By: PHP/5.2.10
< Content-Length: 202
< Connection: close
< Content-Type: text/html; charset=ISO-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>

My purpose is to completely hide the existence of any resource (file or folder) whose access does, and normally should, result in 403: Forbidden!

Please be patient with my poor English.

Thanks a lot for any kind of help

Marco

jdMorgan

6:14 pm on Nov 29, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It might be simpler to remove the code that causes 403 errors and then add code to rewrite those forbidden URLs to a non-existent filepath. This would result in a 404 response.

Jim
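
Added example, not part of the original thread: a check a site owner can run after changing the rules, comparing the response for a protected path with the response for a path that really does not exist. The sample responses, `VOLATILE`, and the function names are constructed for illustration; real input would be the raw output of a tool such as curl.

```python
BODY = ("<html><head><title>404 Not Found</title></head>"
        "<body><h1>Not Found</h1></body></html>")

def sample(status_line, date):
    """Build a constructed raw response (not captured traffic)."""
    return (f"HTTP/1.1 {status_line}\r\nDate: {date}\r\n"
            f"Content-Type: text/html; charset=ISO-8859-1\r\n"
            f"Content-Length: {len(BODY)}\r\n\r\n{BODY}")

# Constructed samples: a truly missing path, a protected path with only
# ErrorDocument 403 set, and a protected path rewritten to a missing file.
BASELINE = sample("404 Not Found", "Thu, 04 Nov 2010 14:42:50 GMT")
ERRORDOC_ONLY = sample("403 Forbidden", "Thu, 04 Nov 2010 14:42:52 GMT")
REWRITTEN = sample("404 Not Found", "Thu, 04 Nov 2010 14:42:53 GMT")

# Headers that legitimately change on every request.
VOLATILE = {"date"}

def parse_response(raw):
    """Split a raw HTTP response into (status_code, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def differences(protected_raw, baseline_raw):
    """List everything that tells the protected path apart from a real 404."""
    p_status, p_headers, p_body = parse_response(protected_raw)
    b_status, b_headers, b_body = parse_response(baseline_raw)
    diffs = []
    if p_status != b_status:
        diffs.append(f"status: {p_status} vs {b_status}")
    for name in sorted((set(p_headers) | set(b_headers)) - VOLATILE):
        if p_headers.get(name) != b_headers.get(name):
            diffs.append(f"header {name}: {p_headers.get(name)!r} "
                         f"vs {b_headers.get(name)!r}")
    if p_body != b_body:
        diffs.append("body differs")
    return diffs

if __name__ == "__main__":
    print("ErrorDocument only:", differences(ERRORDOC_ONLY, BASELINE))
    print("Rewritten:", differences(REWRITTEN, BASELINE))
```

An empty list means the protected path is indistinguishable from a missing one in status, headers, and body; the ErrorDocument-only sample still reports the status line difference described in the first post.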