Redirect After Error 403
403 Forbidden error after htaccess redirect

I have a .htaccess file intended to get images, js and css from the corresponding folders just by getting the file extension. It should always get the files from /img, /js and /css in the root folder. The lines I have for css and js work fine:

    RewriteRule ^(([a-zA-Z0-9\-\.\/]+)/)?([a-zA-Z0-9\-\.]+).js$ js/$3.js [NC,L]
    RewriteRule ^(([a-zA-Z0-9\-\.\/]+)/)?([a-zA-Z0-9\-\.]+).css$ css/$3.css [NC,L]

But when I try to use a similar line for the images I get a 403 "You don't have permission to access /img/ on this server." error:

    RewriteRule ^(([a-zA-Z0-9\-\.\/]+)/)?(([a-zA-Z0-9\-\.]+).(jpg|png|svg|gif))?$ img/$3 [NC,L]

Everything works fine on the home page, but if you try to go to another page like mydomain.com/contact/ you get the 403 error. Even if you copy and paste the image URL in your browser it opens fine. I tested the regular expression here and it's fine. What could be causing the problem?

Tags: regex, .htaccess, http-status-code-403

asked Oct 18 '12 at 1:58 by Luciano García Bes (edited Apr 10 '13 at 11:56 by user2109908)

Comments:

What do the logs say? – Jon Lin, Oct 18 '12 at 6:17

It's a shared server, so I don't have access to the log files. – Luciano García Bes, Oct 18 '12 at 15:48

Accepted answer (answered Oct 18 '12 at 12:36 by Ωmega):

    RewriteRule ([a-z0-9\-\.]+)\.(js|css)$ $2/$1.$2 [NC,L]
    RewriteRule ([a-z0-9\-\.]+)\.(jpe?g|png|svg|gif)$ img/$1.$2 [NC,L]

This worked great. Thanks. – Luciano García Bes, Oct 18 '12 at 15:49

Source: http://stackoverflow.com/questions/12946007/403-forbidden-error-after-htaccess-redirect
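How the two image rules in the thread above treat the same requests, as an added Python example that is not part of the original question or answer. It assumes .htaccess (per-directory) matching, where the pattern sees the path without its leading slash, and models `[NC]` with `re.IGNORECASE`; the sample paths are constructed.

```python
import re

# Image rules as posted: (pattern, substitution with $N written as \N).
QUESTION_RULE = (
    r"^(([a-zA-Z0-9\-\.\/]+)/)?(([a-zA-Z0-9\-\.]+).(jpg|png|svg|gif))?$",
    r"img/\3",
)
ANSWER_RULE = (r"([a-z0-9\-\.]+)\.(jpe?g|png|svg|gif)$", r"img/\1.\2")


def rewrite(rule, path):
    """Return the rewritten path, or None when the rule does not match.

    As in mod_rewrite, the substitution replaces the whole path, and a
    backreference to a group that did not participate expands to "".
    """
    pattern, substitution = rule
    match = re.search(pattern, path, re.IGNORECASE)  # [NC]
    return match.expand(substitution) if match else None


def compare(paths):
    """Map each path to (result of question rule, result of answer rule)."""
    return {p: (rewrite(QUESTION_RULE, p), rewrite(ANSWER_RULE, p)) for p in paths}


# Constructed sample paths, as seen in .htaccess context (no leading slash).
SAMPLE_PATHS = ["contact/", "contact/logo.png", "contact/Photo.JPG", "contact/logo.jpeg"]

if __name__ == "__main__":
    for path, (old, new) in compare(SAMPLE_PATHS).items():
        print(f"{path!r:22} question rule -> {old!r:18} answer rule -> {new!r}")
```

Because the filename group in the question's rule is optional, the bare page request `contact/` matches with an empty `$3` and is rewritten to the directory `img/`, which is the path named in the quoted 403 message; the answer's rule requires a filename and extension, so page requests pass through untouched.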
Source: https://www.troyhunt.com/solving-tyranny-of-http-403-responses/

is a serious security risk.

What the?! You mean if I go to my website which has a “scripts” folder where I put all my JavaScript and I have directory browsing disabled (as I rightly should) and the server returns a 403 “Forbidden” (which it rightly should), I’m putting my internet things at risk of being pwned?!

Yes, because it discloses the presence of a folder called “scripts” which is a common directory.

Well of course there’s a bloody folder called “scripts”, all my HTML source which you can see references it! I could call it “i-love-drunken-elephants” and you could still see it so what’s the point?!

But it would still return a 403 which would confirm the existence of the resource and pose a directory enumeration risk.

But you can discover the presence of the directories anyway! Ok, in today’s modern apps like ASP.NET MVC they might actually be routes that don’t translate through into physical paths but still, this is just being pedantic!

Your site can’t go live until you fix it.

Uh, let me just fix that for you…

Getting to grips with the underlying issue

This is one of those things that rightly or wrongly, I’ve seen popping up from various security teams and automated scanners in recent times. You can argue it all you want (and the severity of it is contentious), but the fact that it rears its head and causes debate is enough to just fix the damn thing and be done with it. Oh – and incidentally, I ran a Netsparker over Have I been pwned? (HIBP) recently and this was one of the findings so yeah, it affects me too (although I have the luxury of choosing to ignore it if I like!)

Let me show you why this happens: in the source of each page I have a script tag like this:

This is actually using ASP.NET bundling and minification to combine multiple scripts into one and then squish all the JavaScript, but what it means is that it’s implying there is a path which is simply “/scripts”. If we hit that path we
custom error pages using .htaccess rule

Source: http://burnignorance.com/web-development-tips/redirect-403-404-error-pages-to-the-custom-error-pages-using-htaccess-rule/

Sometimes while browsing sites on the web, you must have noticed that some links show errors like:

- You don’t have permission to access the page.
- The requested URL /test.php is not found on this server.

Here is an example: http://phpnuke.org/test.php

Here it shows your server info and port. This is a server-generated message. For each type of error, the server shows a static HTML page. However, to make your site more attractive you can create your own customized page and show it in your web application instead of showing the system-generated message. You can also redirect the user to the index page. This can be handled by using a .htaccess file.

Steps:

1. Create your own customized error pages for 404 or 403 or any other error type. You can create them with your own logo and content.
2. Create the .htaccess file in the root virtual directory and write the following code in the .htaccess file.

    # The leading slash makes Apache serve the local page (relative to the
    # document root); without it the argument is sent as literal message text.
    ErrorDocument 404 /404.html
    ErrorDocument 403 /403.html

If you want to show your index page when a 404 or 403 error occurs, write the following lines in your .htaccess file instead.

    ErrorDocument 404 /index.html
    ErrorDocument 403 /index.html

Here are some websites that use their own customized error pages:

- http://us.php.net/manual/en/test
- http://php.resourceindex.com/test

Examples of server error codes:

- 400 Bad Request
- 401 Unauthorized
- 402 Payment Required
- 403 Forbidden
- 404 Not Found

Reference for server error codes: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

Supriti Panda, Sr Developer, Mindfire Solutions.

How to redirect an anonymous user to the login form after a 403 error?

Source: http://drupal.stackexchange.com/questions/165884/how-to-redirect-an-anonymous-user-to-the-login-form-after-a-403-error

I want to redirect an anonymous user to the login form if such a user encounters a 403 error. I have created an event subscriber and this is my code, but I end up in a loop on the current page.

    /**
     * Redirect anonymous user to login page if he encounters 404 or 403
     * response.
     *
     * @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $response
     *   The created response object that will be returned.
     * @param string $event
     *   The string representation of the event.
     * @param \Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher $event_dispatcher
     *   Event dispatcher that lazily loads listeners and subscribers from the dependency injection
     *   container.
     */
    public function checkLoginNeeded(GetResponseEvent $response, $event, ContainerAwareEventDispatcher $event_dispatcher) {
      $routeMatch = RouteMatch::createFromRequest($response->getRequest());
      $route_name = $routeMatch->getRouteName();
      $is_anonymous = \Drupal::currentUser()->isAnonymous();
      $is_not_login = $route_name != 'user.login';
      if ($is_anonymous && $route_name == 'system.403' && $is_not_login) {
        $query = $response->getRequest()->query->all();
        // $query['destination'] = $routeMatch->getRouteObject()->getPath();
        $query['destination'] = \Drupal::url('