
undici

         

Pfui

1:23 am on Aug 9, 2023 (gmt 0)




Not sure if this is a thing, or exactly what it is. Also puzzling is that the six total hits hailed from Bitdefender in Romania -- 195.210.4.x -- or an IP claiming to be Bitdefender... Also followed redirects to a custom 403.

Hit / and got 403 using:

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Then hit one Apple phone .png and one favicon.ico, and got one 403 using:

undici

And finally, 20 seconds in, hit/got robots.txt using the same Chrome.

lucy24

1:59 am on Aug 9, 2023 (gmt 0)




:: insert wisecrack about turning the offenses up to undici, followed by riffle through logs ::

35.198.10.abc - - [09/Jul/2023:23:37:49 -0700] "GET /ebooks/bookcollecting/images/pic42a.jpg HTTP/1.1" 403 8346 "-" "undici" 
with a precisely identical request three days later. Just that one image. Nothing else from that IP until I broaden the net to 35.198, which picks up a single 403 from months ago. (The whole thing turns out to be Google Cloud, so I'm surprised there weren't more.)

The picture, incidentally, turns out to be a photograph of long-ago scholarly bookseller A. S. W. “Rosy” Rosenbach. Wonder why?

What, exactly, did you mean by “redirects to a custom 403”?

:: now back to swearing at printer, indulging in its favorite pastime of secretly running out of ink only when I particularly need to print something with a deadline ::

Pfui

3:29 pm on Aug 9, 2023 (gmt 0)




"Custom 403" is a misnomer, sorry. It's a basic 403 but I think of it as custom because hard-coded into .htaccess is a brief message, plus a 1x1 hidden graphic, plus a link to a page on a different IP that displays visit variables for e-mailing/troubleshooting. (And it's an IP whose access_log I can also view to see conduct at the other end.)

As expected, the most-unwelcome visitors -- certain countries, Hosts, usual suspects -- don't load the graphic and don't follow the link whereas real people inadvertently 403'd usually do both.

"undici" actually got a whole 'nother custom thing entirely, a 403'esque script to which I 302 The Less Unsavory But Not By Much. But I'll spare you those gory details:)

lucy24

4:01 pm on Aug 9, 2023 (gmt 0)




Got it. My 403 page similarly has a small image and stylesheet so I can--if I feel up to it--flag wrongly blocked humans. It also includes code for logging headers and for what I will forever know as piwik.

The “redirect to custom 403” made me think of an ErrorDocument directive containing a full URL--turning a 403 into a 302--and I was pretty sure you knew better ;)
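
Both posters describe putting a small image on the 403 page and checking whether a blocked visitor loads it. The following is an added example, not code from either poster, that runs that check over an Apache combined-format log. The beacon path `/403-pixel.gif`, the 60-second window and all log lines are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Assumed path of the small image embedded in the 403 page (hypothetical).
BEACON = "/403-pixel.gif"
WINDOW = timedelta(seconds=60)  # how soon after the 403 the image must load

LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample log (documentation-range IPs), Apache combined format.
SAMPLE = """\
192.0.2.10 - - [09/Aug/2023:01:23:00 +0000] "GET / HTTP/1.1" 403 8346 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
192.0.2.10 - - [09/Aug/2023:01:23:05 +0000] "GET /favicon.ico HTTP/1.1" 403 8346 "-" "undici"
198.51.100.7 - - [09/Aug/2023:02:00:00 +0000] "GET /page.html HTTP/1.1" 403 8346 "-" "Mozilla/5.0 (Macintosh)"
198.51.100.7 - - [09/Aug/2023:02:00:01 +0000] "GET /403-pixel.gif HTTP/1.1" 200 43 "http://example.com/page.html" "Mozilla/5.0 (Macintosh)"
203.0.113.5 - - [09/Aug/2023:03:00:00 +0000] "GET /403-pixel.gif HTTP/1.1" 200 43 "-" "Mozilla/5.0 (X11)"
"""

def parse(text):
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:  # skip lines that are not in combined format
            d = m.groupdict()
            d["ts"] = datetime.strptime(d["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield d

def triage_403s(text):
    """Map each 403'd IP to 'loaded-beacon' or 'no-beacon'."""
    last_403, verdict = {}, {}
    for e in sorted(parse(text), key=lambda e: e["ts"]):
        ip = e["ip"]
        if e["status"] == "403":
            last_403[ip] = e["ts"]
            verdict.setdefault(ip, "no-beacon")
        elif (e["path"].split("?")[0] == BEACON and ip in last_403
              and e["ts"] - last_403[ip] <= WINDOW):
            verdict[ip] = "loaded-beacon"
    return verdict

if __name__ == "__main__":
    for ip, v in triage_403s(SAMPLE).items():
        print(ip, v)
```

An IP marked `loaded-beacon` is a candidate for a wrongly blocked human worth reviewing; `no-beacon` only means the image was not fetched, which is also what a person with images disabled would look like.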