Project

General

Profile

Actions

Bug #2633

closed

url.access-deny and 404 handler

Added by CyberCr33p over 7 years ago. Updated over 7 years ago.

Status:
Wontfix
Priority:
Normal
Category:
-
Target version:
-
ASK QUESTIONS IN Forums:

Description

Hello,

I use url.access-deny to block access for php scripts in some directories:

$HTTP["url"] =~ "/images/.*\.php$" {
url.access-deny = ( "" )
}

If I visit http://www.domain.com/images/file.php then it loads the file 404.php (404 handler). If I don't have a 404.php file then it returns "403 - Forbidden".

I believe that when you use url.access-deny it should always show "403 - Forbidden".

Kind regards,
Christos Chatzaras

Actions #1

Updated by CyberCr33p over 7 years ago

This one fix it:

$HTTP["url"] =~ "/tmp/.*\.php$" {
url.access-deny = ( "" )
server.error-handler-404 = "/tmp/"
}

Actions #2

Updated by stbuehler over 7 years ago

  • Status changed from New to Wontfix

server.error-handler-404 has very "strange" semantics, and I'd rather not touch it. How is the handler supposed to know what triggered the 403 or 404 (it actually handles both)?

There are better ways to handle not existing files (see url.rewrite-if-not-file).

Actions

Also available in: Atom