Rectangle 27 1

When Apache sends the document specified by ErrorDocument, it is not serving it as a regular page, and has already sent the 404 headers. Instead of using the ErrorDocument directive in Apache, you should instead use your PHP script to check first if the document exists, and if it does, display it. If it does not exist, then PHP sends the 404 error header itself.

The following does not take place in error404.php, but rather in a normal script like index.php:

// Do whatever you're doing to check
require("checkdb.php");

// If the check fails, PHP sends the 404:
header("HTTP/1.0 404 Not Found");
// Then display your custom error document with PHP
// You can display the other contents of error404.php
echo "Oops, page wasn't found!";
exit();

And remove the ErrorDocument directive from your Apache configuration.

The thing is that the "page" is like link and this is how it is described. There will be a lot of those fake pages that are dynamically created. I've seen a lot of website designers on forums complaining of getting a 200 OK with ErrorDocument 404 instead of 404 not found and I getting the opposite. I want a 200 OK instead of a 404.

php - using header() on htaccess for 404 not found - Stack Overflow

php mysql .htaccess http-status-code-404 http-status-code-200
Rectangle 27 3

The only reason I can think that apache might not be reading the user's IP correctly is if you're behind a proxy or load balancer. If that is the case you would use X-Forwarded-For instead of ip. In PHP, you can confirm if you're behind a proxy by comparing $_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_X_FORWARDED_FOR'].

If that is not the issue so you might have better luck finding an answer at ServerFault.

I can offer you some workarounds though. The easiest solution may be to use one of several WordPress security plugins that allow you to restrict access to the backend by IP address.

Alternatively, in your theme or in a plugin you can implement this same sort of authentication logic:

add_action('init', function() {
    $allowed_ips = array('50.153.218.4');
    if(is_admin() || $GLOBALS['pagenow'] == 'wp-login.php') {
        if( !DOING_AJAX && !in_array($_SERVER['REMOTE_ADDR'], $allowed_ips) ) {
            wp_die('', 'Forbidden' array(
                'response' => 403
            ));
        }
    }
});

Update: From the comments it looks like there is a proxy involved. This should work:

ErrorDocument 401 default
ErrorDocument 403 default

SetEnvIF X-Forwarded-For "50.153.218.4" AllowIP

# Disallow access for everyone except these IPs
<RequireAny>
    Require env AllowIP
</RequireAny>

# Allow plugin access to admin-ajax.php around password protection
<Files admin-ajax.php>
    <RequireAll>
        Require all granted
    </RequireAll>
</Files>

and

# Protect WordPress
ErrorDocument 401 default
ErrorDocument 403 default

SetEnvIF X-Forwarded-For "50.153.218.4" AllowIP

<Files wp-login.php>
    <RequireAny>
         Require env AllowIP
    </RequireAny>
</Files>

You should also be able to use a similar method using the "Allow, Deny" syntax.

I am using Cloudflare for CDN and nginx reverse proxy for speed improvements so one of those must be causing it. Although I had both before I upgraded to new apache and it seemed to work then. I did indeed confirm that REMOTE_ADDR and HTTP_X_FORWARDED_FOR do not match. Would you know off the top of your head which one is the cause? I'd rather do it through apache than PHP since it will probably be safer and faster. I've tried a few WordPress security plugins but they all eventually fail or still add too much load to the server in case of brute force attacks.

@zen It must be the reverse proxy. A reverse proxy sits between the webserver and the user. All of your requests are actually coming from the proxy so the IP address you see is the proxy's. A CDN would not cause this sort of issue. It's strange that before the upgrade this wasn't an issue. It might having something to do with configuring apache to account for the reverse proxy. If you're interested I would ask on ServerFault.

thanks for the edit. I will mark this the correct answer since that is a good solution for now.

wordpress - Apache 2.4 Require ip not working - Stack Overflow

wordpress apache .htaccess
Rectangle 27 5

C:/wamp/www/magentodev/.htaccess
ErrorDocument 404 default
Options +FollowSymLinks
RewriteEngine on

RewriteRule ^boombottleh2o(/.*)?$ gu/boombottleh2o.php [NC,L]

I already had follow symlink and rewrite engine, I have change rewrite rule to what you have suggested, I tried urls, it is not working

"not working" doesn't help fix your problem. Show the current config, the input URL, and the RewriteLog.

@covener please clarify what you need to see. where can I find the rewrite Log?

php - .htaccess has been read but rewrite url is not working - Stack O...

php apache .htaccess mod-rewrite
Rectangle 27 0

Well, it didn't. I think Benoit is right. Only sending a 404 header from PHP with no content, does not force Apache to serve the content at the URL defined in my ErrorDocument. I hoped for that, but it doesn't happen.

php - Apache .htaccess: ErrorDocument and RewriteEngine not working to...

php .htaccess mod-rewrite http-status-code-404
Rectangle 27 0

ErrorDocument 401 /error/PHP/server-error.php?error=401

ErrorDocument 403 /error/PHP/server-error.php?error=403

ErrorDocument 404 /error/PHP/server-error.php?error=404

ErrorDocument 500 /error/PHP/server-error.php?error=500

ErrorDocument 503 /error/PHP/server-error.php?error=503

You missed the whole point of this post

This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post - you can always comment on your own posts, and once you have sufficient reputation you will be able to comment on any post.

php - Apache's ErrorDocument directive does not redirect - Stack Overf...

php apache error-handling custom-error-pages errordocument
Rectangle 27 0

I don't believe Apache will let you run PHP files for 500 errors because the error page could generate an error. Try rendering out your 500 error to an HTML file and point your directives at that.

Thanks for the suggestion but using a .html file makes no difference, the browser still receives a 500 response and no content.

Apache ErrorDocument not working for PHP 500 error - Stack Overflow

apache errordocument
Rectangle 27 0

I happened to encounter the same issue while working with codeigniter and Imagick. imagick was setting a 500 HTTP error when something went wrong and in that case Codeigniter's custom 500 message was not displayed.

I resolved this by adding try-catch to all Imagick functions.Check that where from the 500 issue is arising and then add a try-catch there.As for

ErrorDocument 500 /errorpage.php?error=500

,I read loads online about the same where some people claim that this solved their similar issue, others say that it wouldnt help as Apache has handed over the control to PHP.Maybe some php code is setting Headers to 500 and that would probably lead to the browser displaying its custom 500 error message.

Apache ErrorDocument not working for PHP 500 error - Stack Overflow

apache errordocument
Rectangle 27 0

//Custom 403 errors
ErrorDocument 403 your-path/403.php

//Custom 404 errors
ErrorDocument 404 your-path/404.php

//Custom 500 errors
ErrorDocument 500 your-path/500.php

Please add an explanation of what the above has to do with the question asked. How does it relate to the requested .htaccess file?

Sorry, but such approach redirect user on error to related php page, I need to display an error on the go.

This is what you need. You can make these pages act exactly as you're asking - for eample they can all be symlinked to the same file which inspects the env vars (e.g. $_SERVER) to figure out which error to display.

apache - .htaccess show 404, 403, 500, ... pages via php - Stack Overf...

php apache .htaccess errordocument
Rectangle 27 0

When you reference an error page in .htacess, all your doing is a redirect:

ErrorDocument 404 /404.htm

Change that to error.php?code=404 and then pick that up in error.php using:

if($_GET['code'] == '404') {
    include('404.php');
}

apache - .htaccess show 404, 403, 500, ... pages via php - Stack Overf...

php apache .htaccess errordocument
Rectangle 27 0

Why not have one ErrorDocument handle all the errors in all the folders? Might be much cleaner that way. You could then handle the individual case using $_SERVER["REQUEST_URI"] which should contain the original request if I remember correctly.

The problem is that this is a program that I want to use in lots of places, and I don't want to modify the structure of the whole site each time. I really want to get it to work in an isolated folder, without affecting what's outside.

apache - How to use errordocument to redirect to a php file in the sam...

php apache .htaccess redirect errordocument
Rectangle 27 0

Usually if there is a 500 status code then Apache has messed something up and it can't run your index.php file, resulting in another 500 status code. Apache continues this error loop for a few iterations before it finally says "no more loops" and sending its own error page.

The only really safe way to display a custom page for a 500 status code is to use plain text or use a basic .html or .shtml file that doesn't try to access other things on your server, so you don't keep triggering more 500 status codes in the page load.

Usually if a crawler encounters a 500, it will just ignore the page temporarily. A 500 code is recoverable, it doesn't necessarily mean there is no page there, just that the server is messed up at the moment. The bots are smart and can determine what error codes mean what, as long as the page is always sending the status code in the page header.

Remember, if you use a PHP file as your error document, you need to resend the HTTP status code using the header function inside PHP to ensure proper page detection, like so:

Good note about resending status codes.

So, for example, if I print a 403 error on my page, I also need to send 403 header right? For what concerns crawlers and temporary errors it's ok, I understand... but does it also work if user enters, for example, "/non-existant.gif" and gets redirected to "/index.php?error=400"? What would happen? Crawler hits index.php and receives a 404 status code... isn't that bad for indexing? And what kind of "robots" meta tag should I use in both cases?

When a user hits a file they don't have access too or doesn't exist, whatever the reason is, the page doesn't actually get redirected. The URL in the address bar stays the same and the file that's executed gets changed by Apache. This file can store data about the error, display a custom page, but it also needs to send an appropriate error code (such as a 404) so bots or whoever accessed it will stop trying to access it. You're not saying index.php doesn't exist, you're saying that path they accessed doesn't exist. I'm not sure what you mean by robots meta tag.

When I print my homepage (so I'm not on /index.php because an ErrorDocument directive called it), I would like the crawlers to navigate every link and index it, so I put "index, follow" on robots meta. But if I'm using /index.php to print a custom error, I would like to change that header to "noindex, nofollow" because I don't want an erro page to be indexed and followed by crawlers. Being always the same file... could this tag swap cause problems to my site indexing?

@Zarathos: If a crawler follows a link to a file that doesn't exist, it will just assume that it doesn't exist. If later the file does appear (exist), the crawler will eventually follow that link again and determine that the page exists now and index it. You seem to be confused how the index.php file is working though. The index.php is only the file being used to print the page and not the actual page the bot is looking at. As long as you send a HTTP status code when your index.php processes an error page, you should be fine.

apache - Index.php as custom error page - Stack Overflow

php apache .htaccess http-status-codes errordocument
Rectangle 27 0

Are you expecting some new wave of HTTP Status Codes to hit the web in the near future that you can't just make a list of 10 or so error codes that point to the correct corresponding documents? You really should just go through the List of HTTP status codes and pick out which ones your server would actually use and set error documents for those ones. An ordinary web server would probably only ever see a 404 and a 500, maybe a 403 if it the permissions weren't configured correctly, and maybe a 509 if you're on a shared web service (although I think that one is handled by the hosting provider anyways). If you're not building some very advanced web server that can do a whole lot of different things, you're just wasting your web server's microscopic time looking for all those error codes it will never use.

But seriously, don't list every single status code from 400 to 510. Seriously. A lot of those would be status codes you'd manually send from the executing script when it determines something is wrong.

Is there any kind of conflict between rewrite rules and errordocuments?

No, an ErrorDocument will be used if the final path determined by RewriteRules doesn't exist or you don't have permission to the file, whatever the reason is.

php - ErrorDocument & Mod Rewrite - Stack Overflow

php apache .htaccess mod-rewrite errordocument
Rectangle 27 0

ErrorDocument 404 /404.php

the /404.php path may not be the absolute path to your htdocs folder root but instead the root of your filesystem. This may be, based on your configuration, e.g. /home/htdocs/ or ~ and so on.

So what one need to do is find out the absolute path and set it accordingly.

apache - ErrorDocument 404 /404.php is not working in .htaccess file i...

php apache .htaccess mod-rewrite
Rectangle 27 0

Yes declare 404 document after the Rewrite rules

It's normal your server do not push any 404 error, you're using a catchall regexp ((.*)) as the only rewrite rule.

But your issue is not really htaccess related. In php if you send 404 header the browser wont be redirected to the 404 page automaticaly, but you have to serve error page content yourself in PHP, as it is done by most frameworks with internal routing system.

Hi Benoit, So you are saying that only sending a 404 header does not force Apache to server the content at the ErrorDocument URL. If I serve the content from PHP, after setting the 404 header, I do get the 404 page displayed in the browser, but the address bar still shows the invalid URL, instead of /404/. After giving some more thought, I guess that's not actually bad at all.

Hi, You're right, it does not seems bad if browser is not forwarded to real 404 page url. Apache does not redirect too using ErrorDocument declaration. IMHO it is better this way : search engines crawler will forget the url responding with 404 http response code, and humans will see a nice 404 page instead of apache's default one or worse, page with errors on it.

php - Apache .htaccess: ErrorDocument and RewriteEngine not working to...

php .htaccess mod-rewrite http-status-code-404
Rectangle 27 0

Your use of ErrorDocument is wrong here:

ErrorDocument 404 /Users/me/folder/mamp/404.php

You need to use path either relative path from DocumentRoot OR use full URL starting with http. So use:

ErrorDocument 404 /404.php
ErrorDocument 404 http://domain.com/404.php

Hi and thanks for the answer. I have tried the relative /404.php, the full DocumentRoot of /Users/me/folder/mamp/404.php, and now, at your recommendation, the full URL of http://localhost:8888/404.php. All nothing.

http://localhost:8888/404.php
404.php

Ok and are you sure .htaccess is enabled? Verify whether your .htaccess is enabled or not, by putting same garbage (random) text on top of your .htaccess and see if it generates 500 (internal server) error or not?

Hi, yes that produced a 500 error when I added random text

apache - PHP header 404 .htaccess ErrorDocument not working on local m...

php apache .htaccess mamp
Rectangle 27 0

you have 2 incompatible sections in this file. choose one leave either only first line or only the rest of the file. But not both.

Bottom three lines tells web-server to direct all non-existent pages to the index.php, not to errordoc.php

php - ErrorDocument doesn't seem to be working in my .htaccess - Stack...

php apache .htaccess errordocument
Rectangle 27 0

How about this. In your root path, you set up a generic error.php file. However, all it does is parse the REQUEST_URI, check the path, see whether there is a custom error.php there, and include that. Could work, huh?

apache - How to use errordocument to redirect to a php file in the sam...

php apache .htaccess redirect errordocument
Rectangle 27 0

You may need to add the ErrorDocument declaration earlier in the Apache conf chain. If you add this to a vhost conf it may not be called.

Apache ErrorDocument not working for PHP 500 error - Stack Overflow

apache errordocument
Rectangle 27 0

I guess the answer to my question is: I don't need to. What I was trying to accomplish was a "404 redirect". That is, when requesting an invalid URL, redirect to the 404 document along with setting the "Status 404 Not found" header. And I am not sure that's something I want, because invalid URLs should be marked with the 404 status code, not redirected.

php - Apache .htaccess: ErrorDocument and RewriteEngine not working to...

php .htaccess mod-rewrite http-status-code-404
Rectangle 27 0

#
# XAMPP settings
#

<IfModule env_module>
    SetEnv MIBDIRS "/xampplite/php/extras/mibs"
    SetEnv MYSQL_HOME "\\xampplite\\mysql\\bin"
    SetEnv OPENSSL_CONF "/xampplite/apache/bin/openssl.cnf"
    SetEnv PHP_PEAR_SYSCONF_DIR "\\xampplite\\php"
    SetEnv PHPRC "\\xampplite\\php"
    SetEnv TMP "\\xampplite\\tmp"
    UnsetEnv PERL5LIB
</IfModule>

#
# PHP-Module setup (module as default version 5.3 in my case)
#

LoadFile "/xampplite/php/php5ts.dll"
LoadModule php5_module modules/php5apache2_2.dll

<IfModule php5_module>
    <FilesMatch "\.php$">
        AddHandler application/x-httpd-php .php
        #SetHandler application/x-httpd-php
    </FilesMatch>
    <FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
    </FilesMatch>
    PHPINIDir "/xampplite/php"
</IfModule>


#
# PHP-CGI multiple Version Setup
#

Action application/x-httpd-php4_3 "/php4_3/php.exe"
AddType application/x-httpd-php4_3 .php4 .php

Action application/x-httpd-php4_4 "/php4_4/php.exe"
AddType application/x-httpd-php4_4 .php4 .php

Action application/x-httpd-php5_4 "/php5_4/php-cgi.exe"
AddType application/x-httpd-php5_4 .php5 .php  

Action application/x-httpd-php-cgi "/php-cgi/php-cgi.exe"
AddType application/x-httpd-php-cgi .php  

<IfModule mime_module>
    AddType text/html .php .phps
</IfModule>

ScriptAlias /php4_3/ "/xampplite/php4_3/"
<Directory "/xampplite/php4_3">
  AllowOverride None
  Options None
  Order allow,deny
  Allow from all
</Directory>

ScriptAlias /php4_4/ "/xampplite/php4_4/"
<Directory "/xampplite/php4_4">
  AllowOverride None
  Options None
  Order allow,deny
  Allow from all
  SetEnv PHPRC "\\xampplite\\php4_4"
</Directory>

ScriptAlias /php5_4/ "/xampplite/php5_4/"
<Directory "/xampplite/php5_4">
  AllowOverride None
  Options None
  Order allow,deny
  Allow from all
  SetEnv PHP_PEAR_SYSCONF_DIR "\\xampplite\\php5_4"
  SetEnv PHPRC "\\xampplite\\php5_4"
</Directory>

ScriptAlias /php-cgi/ "/xampplite/php/"
<Directory "/xampplite/php">
    AllowOverride None
    Options None
    Order deny,allow
    Deny from all
    <Files "php-cgi.exe">
        Allow from all
    </Files>
</Directory>

<Directory "/xampplite/cgi-bin">
    <FilesMatch "\.php$">
        SetHandler cgi-script
    </FilesMatch>
    <FilesMatch "\.phps$">
        SetHandler None
    </FilesMatch>
</Directory>

<Directory "/_projects/xampp">
    <IfModule php5_module>
        <Files "status.php">
            php_admin_flag safe_mode off
        </Files>
    </IfModule>
    AllowOverride AuthConfig
</Directory>


<IfModule alias_module>
    Alias /security "/xampplite/security/htdocs/"
    <Directory "/xampplite/security/htdocs">
        <IfModule php5_module>
            <Files "xamppsecurity.php">
                php_admin_flag safe_mode off
            </Files>
        </IfModule>
        AllowOverride AuthConfig
   </Directory>

    Alias /licenses "/xampplite/licenses/"
    <Directory "/xampplite/licenses">
        Options +Indexes
        <IfModule autoindex_color_module>
            DirectoryIndexTextColor  "#000000"
            DirectoryIndexBGColor "#f8e8a0"
            DirectoryIndexLinkColor "#bb3902"
            DirectoryIndexVLinkColor "#bb3902"
            DirectoryIndexALinkColor "#bb3902"
        </IfModule>
   </Directory>

    Alias /phpmyadmin "/xampplite/phpMyAdmin/"
    <Directory "/xampplite/phpMyAdmin">
        AllowOverride AuthConfig
    </Directory>

    Alias /webalizer "/xampplite/webalizer/"
    <Directory "/xampplite/webalizer">
        <IfModule php5_module>
            <Files "webalizer.php">
                php_admin_flag safe_mode off
            </Files>
        </IfModule>
        AllowOverride AuthConfig
    </Directory>
</IfModule>


#
# New XAMPP security concept
#

<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
    Order deny,allow
    Deny from all
    Allow from ::1 127.0.0.0/8 \
               fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
               fe80::/10 169.254.0.0/16

    ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>

how to use in .htaccess

#SetHandler application/x-httpd-php4_3
#SetHandler application/x-httpd-php4_4
SetHandler application/x-httpd-php5_4

XAMPP conf - Run php5_module per default & switch to other php cgi ver...

php .htaccess configuration xampp version