1

Is there a way to serve 404 instead of 403 when matched with "deny from"?

For example:

```
<Files *>
order deny,allow
deny from 127.0.0.1
</Files>
```

This will normally serve a 403. But I want to serve a 404.

Rohit Gupta
Raheel Hasan
  • What is the reason for this? It may help come up with a better solution to know your reasoning. – Kruug Apr 29 '13 at 15:08
  • Because I want to not even let them know that the content actually exists! If a miscreant behind the blocked IP sees it's 403, you can only imagine his motivations are going up.. – Raheel Hasan Apr 29 '13 at 15:10

2 Answers

2

You can be proactive about returning 404s if you know which files will 403:

```
RedirectMatch 404 ".*\/\..*"
```

will return a 404 for all files which start with a `.`, such as `.htaccess`. I don't think this will serve as a global "transform all 403s into 404s", however.

https://stackoverflow.com/questions/1486304/is-there-a-way-to-force-apache-to-return-404-instead-of-403
https://stackoverflow.com/questions/548156/problem-redirecting-403-forbidden-to-404-not-found

Darth Android
  • Thanks but this is very specific to details. And my question is related to `deny from ip`. How to put both of these things together? – Raheel Hasan Apr 29 '13 at 15:32
  • @RaheelHasan If you have specific IPs you want to do a global block against (`` -> `deny from `), then you should be dropping the packets at the firewall (`iptables -A INPUT --s -j DROP`) so that they can't even touch the webserver. If you want to be specific about only `403`s, then you might need to run some sort of proxy in front of apache. – Darth Android Apr 29 '13 at 15:45
  • You could proxy the apache server with `nginx` and then configure `nginx` with `proxy_intercept_errors on;` and `error_page 403 =404;` when the requests come from the appropriate IPs – Darth Android Apr 29 '13 at 15:46
  • I like your ideas.. but I am on shared hosting, so I can't do all those things.... but thanks anyway.. – Raheel Hasan Apr 29 '13 at 16:12
0

The only way I know how to do it is in the backend code.

On my system, access to downloadable files is done via one particular PHP file. This creates a page with a link that expires after a few minutes. For me, it would be easy.

If you have a backend where access to files is routed via one or more files, then you can check the IP address in there and raise a 404.

Rohit Gupta
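One way to implement the backend check described in the answer above, as an added example that is not code from the original post: a single PHP entry point that sends denied clients through the same 404 path as a missing file. The names `DENIED`, `FILE_ROOT` and the `f` query parameter are assumptions, and the addresses are constructed samples.

```php
<?php
// Added example, not code from the answer. DENIED, FILE_ROOT and the "f"
// query parameter are hypothetical names; the addresses are constructed samples.
const DENIED    = ['127.0.0.1', '203.0.113.0/24'];
const FILE_ROOT = __DIR__ . '/protected';   // keep outside the docroot, or block direct access
// True when $ip is $entry itself or lies inside the CIDR block $entry (IPv4 or IPv6).
function ip_matches(string $ip, string $entry): bool
{
    [$net, $bits] = array_pad(explode('/', $entry, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false;                       // unparsable, or mixed address families
    }
    $max   = strlen($ipBin) * 8;
    $bits  = $bits === null ? $max : max(0, min($max, (int) $bits));
    $bytes = intdiv($bits, 8);
    $rem   = $bits % 8;
    if (substr($ipBin, 0, $bytes) !== substr($netBin, 0, $bytes)) {
        return false;                       // whole prefix bytes differ
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF;    // leftover high bits of the next byte
    return $rem === 0 || (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

// Single exit path: denied clients and genuinely missing files get the same response.
function not_found(): void
{
    http_response_code(404);
    header('Content-Type: text/plain; charset=utf-8');
    echo "Not Found\n";
    exit;
}

// REMOTE_ADDR is the TCP peer; behind a reverse proxy it is the proxy's address.
$ip = $_SERVER['REMOTE_ADDR'] ?? '';
foreach (DENIED as $entry) {
    if (ip_matches($ip, $entry)) {
        not_found();
    }
}
$f    = $_GET['f'] ?? '';
$name = is_string($f) ? basename($f) : '';   // drop any directory component
$path = FILE_ROOT . '/' . $name;
if ($name === '' || $name[0] === '.' || !is_file($path)) {
    not_found();
}
header('Content-Type: application/octet-stream');
readfile($path);
```

This only hides the files if they cannot be fetched by their direct URL; a `deny from` rule on the directory itself would still answer that URL with a 403.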