[Solved] 1.4.35_5 = access-deny + error-handler-404
Added by montr777 about 9 years ago
Hi All,
I am using:
1. FreeBSD 10.1 / i386 / 32 bit
2. lighttpd-1.4.35_5 ( original / compiled from ports )
To blocking stolen pictures with lines like:
$HTTP["referer"] =~ "^(http://badurl1\.com|http://badurl2\.com)" {
url.access-deny = ( ".jpg", ".bmp", ".png" )
}
It is working well by rejecting with code 403 in correct way.
But in case if I am using extra line in config like
server.error-handler-404 = "/error404.cgi"
then error404.cgi become to handle also 403 error.
I am expecting it to process just missed 404 pages.
So I am looking on this situation like on BUG.
I am expecting that each error will be handled by separate
handler with separate config line like:
server.error-handler-403 = "/error403.cgi"
server.error-handler-404 = "/error404.cgi"
But at current situation 403 and 404 errors are mixed
and pass as single stream into server.error-handler-404
Is it possible to solve this ?
Thanks in advance
Montr777
Replies (1)
RE: [Solved] 1.4.35_5 = access-deny + error-handler-404 - Added by gstrauss about 7 years ago
Unfortunately, historical behavior of server.error-handler-404 is to trap both 404 and 403. server.error-handler was introduced in lighttpd 1.4.40, but catches all errors.
A solution is to use Mod_Magnet to execute some custom lua code that you write. When the referer condition matches, the lua code can set both the 403 status and the response body content (even if blank). Doing so bypasses server.error-handler-404.