Project

General

Profile

Actions
Copy link

Bug #2633

closed

url.access-deny and 404 handler

Added by CyberCr33p about 9 years ago. Updated about 9 years ago.

Status:
Wontfix
Priority:
Normal
Category:
-
Target version:
-
ASK QUESTIONS IN Forums:

Description

Hello,

I use url.access-deny to block access for php scripts in some directories:

$HTTP["url"] =~ "/images/.*\.php$" {
url.access-deny = ( "" )
}

If I visit http://www.domain.com/images/file.php then it loads the file 404.php (404 handler). If I don't have a 404.php file then it returns "403 - Forbidden".

I believe that when you use url.access-deny it should always show "403 - Forbidden".

Kind regards,
Christos Chatzaras

Actions
Copy link
 #1

Updated by CyberCr33p about 9 years ago

This one fix it:

$HTTP["url"] =~ "/tmp/.*\.php$" {
url.access-deny = ( "" )
server.error-handler-404 = "/tmp/"
}

Actions
Copy link
 #2

Updated by stbuehler about 9 years ago

  • Status changed from New to Wontfix

server.error-handler-404 has very "strange" semantics, and I'd rather not touch it. How is the handler supposed to know what triggered the 403 or 404 (it actually handles both)?

There are better ways to handle not existing files (see url.rewrite-if-not-file).

Actions
Copy link

Also available in: Atom