httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Veach <IVE...@nshe.nevada.edu>
Subject [users@httpd] ErrorDocument doesn't work with non-pathed (root) URL?
Date Mon, 23 Oct 2017 18:03:03 GMT

I've got a virtual server with Wordpress installed in it (base dir install).  Apache 2.4.6
(latest for RHEL).  Apps group has a requirement that their entire site be protected (only
certain "users" can access), and so a complex RequireAny was set up.  That has been working
fine for some time.

Now, the  application group would like to add a custom page for any 403 for people who do
not meet the RequireAny requirements.  I've added an ErrorDocument (pointing to a different
vserver, since this site is otherwise protected from even serving a 403).  That directive
does get triggered, so I know it's working.  But it only gets triggered when some pathing
is used (e.g. https://FQDN/path/file) with the vserver name.   If I browse to https://FQDN
or https://FQDN/, The ErrorDocument does not seem to get triggered.  Why?

More details:

For this question, I'm protecting the name of the server, and using www.foo.com and www.bar.com.

Apache 2.4, with typical LAMP and a variety of virtual servers. I've verified with find/grep
there are no other ErrorDocument directives in other [base/parent] config files. Virtual server
(root) is protected with a complex RequireAny, which works fine - requires a certain IP set
or Referer (yes, I know - client insisted). In my virtual server config file, I have the following:

ErrorDocument 403 https://www.bar.com/something-went-wrong/

The vserver runs wordpress, so there's a .htaccess (with no ErrorDocument directive, but probably
a plugin), but I believe the vserver config takes precedence in either case, anyway.

Testing:

For testing, I modified the RequireAny to exclude my IP (so I get the 403). When I try things
like this:
     www.foo.com/nosuchfile
     www.foo.com/direxists/file.exists<http://www.foo.com/direxists/file.exists>

the ErrorDocument directive works GREAT and AS EXPECTED (takes me to bar.com/something-went-wrong):

However, when I try things like this (base FQDN, with or without the ending /):
    www.foo.com
    www.foo.com/<http://www.foo.com/>

it results in the dreaded
     Forbidden
     You don't have permission to access / on this server.

    Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument
to handle the request.

Is there a known reason ErrorDocument might not handle the base FQDN case? It seems like the
ErrorDocument directive works except for those cases (and I need it to).  I've even tried
moving the ErrorDocument directive to the base httpd.conf, and still no joy.  Logs don't seem
to show anything useful.


Thanks for any assistance!


cheers and thanks,
Ian 'ivo' Veach, Senior Systems Analyst
System Computing Services, Nevada System of Higher Education

PUBLIC RECORDS NOTICE: In accordance with NRS Chapter 239, this email and responses, unless
otherwise made confidential by law, may be subject to the Nevada Public Records laws and may
be disclosed to the public upon request.

Mime
View raw message