Bug #2633
closed
url.access-deny and 404 handler
Description
Hello,
I use url.access-deny to block access for php scripts in some directories:
$HTTP["url"] =~ "/images/.*\.php$" {
    url.access-deny = ( "" )
}
If I visit http://www.domain.com/images/file.php then it loads the file 404.php (404 handler). If I don't have a 404.php file then it returns "403 - Forbidden".
I believe that when you use url.access-deny it should always show "403 - Forbidden".
Kind regards,
Christos Chatzaras
Updated by CyberCr33p almost 10 years ago
This one fixes it:
$HTTP["url"] =~ "/tmp/.*\.php$" {
    url.access-deny = ( "" )
    server.error-handler-404 = "/tmp/"
}
Updated by stbuehler almost 10 years ago
- Status changed from New to Wontfix
server.error-handler-404 has very "strange" semantics, and I'd rather not touch it. How is the handler supposed to know what triggered the 403 or 404 (it actually handles both)?
There are better ways to handle non-existent files (see url.rewrite-if-not-file).
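
One way to combine the deny rule from the report with the url.rewrite-if-not-file approach mentioned in the last comment, as an added configuration example that is not part of the original thread or of lighttpd's own documentation. Assumptions: mod_access and mod_rewrite are already listed in server.modules, /404.php is the custom error page from the report, and the catch-all rewrite pattern is illustrative.

```lighttpd
# Added example, not from the original report.
# Assumes mod_access and mod_rewrite are listed in server.modules.

# Deny rule from the report: the empty suffix matches every URL
# inside this conditional, so any *.php under /images/ is refused.
$HTTP["url"] =~ "/images/.*\.php$" {
    url.access-deny = ( "" )
}

# server.error-handler-404 is deliberately left unset, so it cannot
# pick up the 403 produced by the deny rule above.

# Custom "not found" page without the error handler: a request whose
# target is not an existing file is rewritten to /404.php (assumed path).
# 404.php has to send "Status: 404" itself, because the rewritten
# request is served as a normal request and would otherwise return 200.
url.rewrite-if-not-file = ( "^/(.*)$" => "/404.php" )
```

After a change like this, request an existing .php file under the denied directory and confirm that the response status is 403 and that the body is not the custom error page.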