You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Eric Covener <co...@gmail.com> on 2010/07/26 02:30:56 UTC
Re: [users@httpd] how to make ErrorDocument apply to https:// site as
well?
> A little more potentially useful information:
> The 403 forbidden message that comes up when I try to access an https:// URL
> also says:
> "Additionally, a 403 Forbidden error was encountered while trying to use an
> ErrorDocument to handle the request."
>
> So apparently Apache is *applying* the ErrorDocument directive to https://
> requests, it's just not able to find the /banned_ip.php file when doing so.
No, not "not able to find". How did you "ban" the IP and how do you
expect Apache to be able to serve the errordocument for the banned IP?
>
> So since my directive says
> ErrorDocument 403 /banned_ip.php
> how come Apache can find that file when giving a 403 error in response to an
> https request, but not in response to an http request?
Maybe you punched a hole in your config to allow access to the file,
but only in the non-SSL vhost?
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how to make ErrorDocument apply to https://
site as well?
Posted by Bennett Haselton <be...@peacefire.org>.
Thanks, I had actually just realized that might work :)
Yes, putting this into .htaccess does the trick:
***
<Files banned_ip.php>
allow from all
</Files>
ErrorDocument 403 /banned_ip.php
order deny,allow
deny from 71.112.32.149
***
Now the real question is why, for http requests, it allowed me to
view the banned_ip.php error message, instead of saying that a 403
error occurred while trying to follow the ErrorDocument
directive. Apparently Apache applies some different set of rules to
the two situations, and I'll be damned if I can find anything in the
documentation that says why the two cases would behave
differently. For https requests, Apache applied the .htaccess
restrictions to the file listed in the ErrorDocument directive, and
for https requests it didn't.
-Bennett
At 07:33 PM 7/25/2010, Eric Covener wrote:
> > 2) in any case, if that is the cause, what would be the solution?
>
>You put a <Files> section inside of a <Directory> section and allow
>all IP addresses to access it (order deny,allow ; allow from all)
>
>--
>Eric Covener
>covener@gmail.com
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how to make ErrorDocument apply to https:// site as
well?
Posted by Eric Covener <co...@gmail.com>.
> 2) in any case, if that is the cause, what would be the solution?
You put a <Files> section inside of a <Directory> section and allow
all IP addresses to access it (order deny,allow ; allow from all)
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how to make ErrorDocument apply to https://
site as well?
Posted by Bennett Haselton <be...@peacefire.org>.
At 05:30 PM 7/25/2010, Eric Covener wrote:
> > A little more potentially useful information:
> > The 403 forbidden message that comes up when I try to access an
> https:// URL
> > also says:
> > "Additionally, a 403 Forbidden error was encountered while trying
> to use an
> > ErrorDocument to handle the request."
> >
> > So apparently Apache is *applying* the ErrorDocument directive to
> https://
> > requests, it's just not able to find the /banned_ip.php file when
> doing so.
>
>No, not "not able to find". How did you "ban" the IP
in /var/www/html/.htaccess
>and how do you
>expect Apache to be able to serve the errordocument for the banned IP?
Well, it works for http URLs -- when I go to this address from my
home IP (which is in the "banned" list), I see the banned_ip page
(note my browser does not get redirected, I stay on the URL below but
I see the contents of banned_ip.php):
http://209.160.28.154/
I assume that what you're saying is basically: Since my .htaccess
file denies access to my IP to any file underneath /var/www/html ,
why should I expect the server to be able to serve the contents of
banned_ip.php to me, and isn't that probably why I'm getting the
error for https:// URLs?
That makes sense, but:
1) like I said, it works for http URLs; and
2) in any case, if that is the cause, what would be the
solution? Move banned_ip.php to a higher-level location like
/var/www/banned_ip.php? The problem with that is that the path
specified for ErrorDocument has to be relative to the DocumentRoot,
which is /var/www/html . (And, putting "/../banned_ip.higher.php" in
the ErrorDocument directive to jump one directory higher, does not
work :) That just gives a 400 Bad Request error.)
> >
> > So since my directive says
> > ErrorDocument 403 /banned_ip.php
> > how come Apache can find that file when giving a 403 error in
> response to an
> > https request, but not in response to an http request?
>
>Maybe you punched a hole in your config to allow access to the file,
>but only in the non-SSL vhost?
Unfortunately this is on a machine that's completely clean and I
didn't make any other changes. So I don't know why Apache is able to
serve /var/www/html/banned_ip.php in response to 403 errors generated
by http requests but not https requests.
-Bennett
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org