redirect 403 forbidden

Forum Moderators: phranque

Message Too Old, No Replies

redirect 403 forbidden

redirecting 403 directory reads up a directory until a valid doc is found

broniusm

3:04 pm on Sep 2, 2005 (gmt 0)

Does this look ok?


[b].htaccess[/b]
ErrorDocument 403 /403handler.php


[b]403handler.php[/b]
<?php
// This script will recursively send the visitor from a 403 up a directory until eventually the visitor will hit a valid directory with index.php (if not just down to site root: /index.php)
header("HTTP/1.0 403 Forbidden");
header("Location: ..");
?>

It appears to handle ok in FF1.0.6 and IE6.. I kept 403 in there b/c that's why the doc has been redirected, but will that in fact confuse the browser/bot by saying that the document it's looking at is 403?

I tried a similar .htaccess implementation but couldn't figure out how to turn on mod_rewrite.c in my config..!

broniusm

3:10 pm on Sep 2, 2005 (gmt 0)

btw: here's what the error log looks like in a three-deep up-directory redirect!

[Fri Sep 02 09:52:09 2005] [error] [client 209.189.225.17] Directory index forbidden by rule: /XXX/httpdocs/baddir1/baddir2/baddir3/
[Fri Sep 02 09:52:09 2005] [error] [client 209.189.225.17] Directory index forbidden by rule: /XXX/httpdocs/baddir1/baddir2/
[Fri Sep 02 09:52:09 2005] [error] [client 209.189.225.17] Directory index forbidden by rule: /XXX/httpdocs/baddir1/

..and of course the following request was satisfied at httdocs with /index.php (or index.html if you have that, etc).

jd01

5:05 pm on Sep 2, 2005 (gmt 0)

Not sure what you mean by confuse... It will correctly tell the browser/bot that the currect document is a 403 and will only be called if a 403 is issued initially by Apache... The only issue you might have is if Apache and PHP are both issuing a 403, but that really should not be too bad - Forbiden is Forbiden.

I personally do not like custom error docs, or redirects, but what you have appears fine - If you still have questions, run a header check on a page/directory that will recieve the error and see what kind of results you get.

Justin

broniusm

7:04 pm on Sep 2, 2005 (gmt 0)

Interesting-- thanks for the tip!

The header-check tool [searchengineworld.com] reports back 301 and 302 depending if I have a trailing slash on my 403 directory or not.. I imagine if I did my updir trickery I should use a rewrite in .htaccess, which may return a more "system level" proper response.

Should I be concerned that the tool is not reporting the 403? (on the surface, more important to me is to always throw up a user-friendly error page: I redirect my 404s and now 403s as well).

jd01

10:16 pm on Sep 2, 2005 (gmt 0)

Should I be concerned that the tool is not reporting the 403

Yes. 302 is technically an undefined redirect, and SEs will *correctly* keep requesting that URL proir to being redirected to see if the redirect has been defined or if there have been changes to the source. If SEs are a concern, I would make sure I served the proper status code first, then figure out how to make that work for a user...

You might try setting a timed refresh to the new location, or a physical link, so the status code is interpreted correctly, and the page will not be indexed.

Justin