When I send a wildcard character through the URL (such as a blank space or an asterisk), the custom error page is not displayed.
Aside: A "blank space" isn't a wildcard character, but if the requested URL-path starts with a space (ie. %20
when URL encoded) then this is indeed an invalid request - see #1 below.
There are two issues here...
Apache will trigger a 403 early if there are certain invalid characters (eg. *
, :
, "
) in the URL-path. In some respects this is OS dependent. If the character is not permitted in filenames (according to the underlying OS) then a 403 is triggered when the request is mapped to the filesystem.
This occurs before .htaccess
is processed. So if you define the ErrorDocument
late in .htaccess
then your custom error document is not called. However, if you define the ErrorDocument
early in the server config (or VirtualHost) then this should get called.
Aside:
ErrorDocument 403 /index.php/%{REQUEST_URI}
You don't need to explicitly pass the requested URL to your index.php
script. In PHP, this is available in the $_SERVER['REDIRECT_URL']
superglobal from within the error document.
Note that the $_SERVER['REQUEST_URI']
PHP superglobal is not necessarily the same as the similarly named REQUEST_URI
Apache server variable. The PHP variable contains the query string, whereas the Apache variable does not.