2

I have In my web root /home/www/ I have an .htaccess file to ban IP addresses:

order allow,deny
deny from 1.2.3.4
deny from 2.3.4.5
allow from all

ErrorDocument 500 /errors/500.htm
ErrorDocument 403 /errors/403.htm

I have also tried it this way with the error statements:

ErrorDocument 500 /home/www/errors/500.htm
ErrorDocument 403 /home/www/errors/403.htm

I have created an error directory, /home/www/errors which contains the following files:

403.htm
500.htm
.htaccess

In the errors directory .htaccess I have set the rules:

order deny,allow
allow from all

If I put my IP in the root .htaccess file I can't browse the site. I get an error:

Forbidden - You don't have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

However if I browse to /errors/500.htm I can see that page in my browser, so I know the subdirectory .htaccess seems to allow those files to be loaded.

What am I doing wrong? How can I deny from a certain IP address but still show a custom error page with Apache2?

cwd
  • 2,693
  • 9
  • 32
  • 47

1 Answers1

1

it would be much easier to simply redirect people coming from the blocked IPs to an error page:

RewriteCond %{REMOTE_ADDR} 1.2.3.4
RewriteRule .* /CustomError.html [R=403]
Chris S
  • 77,337
  • 11
  • 120
  • 212