HTACCESS - Server 404 for "deny from" instead of 403

You can be proactive about returning 404s if you know which files will 403:

RedirectMatch 404 ".*\/\..*"

will return a 404 for all files which start with a ., such as .htaccess. I don't think this will serve as a global "transform all 403s into 404s", however.

https://stackoverflow.com/questions/1486304/is-there-a-way-to-force-apache-to-return-404-instead-of-403
https://stackoverflow.com/questions/548156/problem-redirecting-403-forbidden-to-404-not-found

Darth Android

Posted 2013-04-29T14:21:22.823

Reputation: 35 133

Thanks but this is very specific to details. And my question is related to deny from ip. How to put both of these things together? – Raheel Hasan – 2013-04-29T15:32:58.703

@RaheelHasan If you have specific IPs you want to do a global block against (<Files *> -> deny from <IP>), then you should be dropping the packets at the firewall (iptables -A INPUT --s <IP> -j DROP) so that they can't even touch the webserver. If you want to be specific about only 403s, then you might need to run some sort of proxy in front of apache. – Darth Android – 2013-04-29T15:45:16.233

You could proxy the apache server with nginx and then configure nginx with proxy_intercept_errors on; and error_page 403 =404; when the requests come from the appropriate IPs – Darth Android – 2013-04-29T15:46:14.613

I like your ideas.. but I am on a shared hosting, so cant do all those things.... but thanks anyway.. – Raheel Hasan – 2013-04-29T16:12:43.233

What is the reason for this? It may help come up with a better solution to know your reasoning. – Kruug – 2013-04-29T15:08:21.797

Because I want to not even let them know that the content actually exists ! if a miscreant behind the blocked IP sees its 403, you can only imagine his motivations are going up.. – Raheel Hasan – 2013-04-29T15:10:59.533

HTACCESS - Server 404 for "deny from" instead of 403

Answers