[users@httpd] ErrorDocument doesn't work with non-pathed (root) URL?

[Ian Veach <IV...@nshe.nevada.edu>]

I've got a virtual server with Wordpress installed in it (base dir install).  Apache 2.4.6 (latest for RHEL).  Apps group has a requirement that their entire site be protected (only certain "users" can access), and so a complex RequireAny was set up.  That has been working fine for some time.

Now, the  application group would like to add a custom page for any 403 for people who do not meet the RequireAny requirements.  I've added an ErrorDocument (pointing to a different vserver, since this site is otherwise protected from even serving a 403).  That directive does get triggered, so I know it's working.  But it only gets triggered when some pathing is used (e.g. https://FQDN/path/file) with the vserver name.   If I browse to https://FQDN or https://FQDN/, The ErrorDocument does not seem to get triggered.  Why?

More details:

For this question, I'm protecting the name of the server, and using www.foo.com and www.bar.com.

Apache 2.4, with typical LAMP and a variety of virtual servers. I've verified with find/grep there are no other ErrorDocument directives in other [base/parent] config files. Virtual server (root) is protected with a complex RequireAny, which works fine - requires a certain IP set or Referer (yes, I know - client insisted). In my virtual server config file, I have the following:

ErrorDocument 403 https://www.bar.com/something-went-wrong/

The vserver runs wordpress, so there's a .htaccess (with no ErrorDocument directive, but probably a plugin), but I believe the vserver config takes precedence in either case, anyway.

Testing:

For testing, I modified the RequireAny to exclude my IP (so I get the 403). When I try things like this:
     www.foo.com/nosuchfile
     www.foo.com/direxists/file.exists<http://www.foo.com/direxists/file.exists>

the ErrorDocument directive works GREAT and AS EXPECTED (takes me to bar.com/something-went-wrong):

However, when I try things like this (base FQDN, with or without the ending /):
    www.foo.com
    www.foo.com/<http://www.foo.com/>

it results in the dreaded
     Forbidden
     You don't have permission to access / on this server.

    Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Is there a known reason ErrorDocument might not handle the base FQDN case? It seems like the ErrorDocument directive works except for those cases (and I need it to).  I've even tried moving the ErrorDocument directive to the base httpd.conf, and still no joy.  Logs don't seem to show anything useful.


Thanks for any assistance!


cheers and thanks,
Ian 'ivo' Veach, Senior Systems Analyst
System Computing Services, Nevada System of Higher Education

PUBLIC RECORDS NOTICE: In accordance with NRS Chapter 239, this email and responses, unless otherwise made confidential by law, may be subject to the Nevada Public Records laws and may be disclosed to the public upon request.