trigger 403 in php so that it shows the ErrorDocument

Asked 22/1, 2014 at 15:39 Answered 6/10, 2015 at 18:5

Solved php .htaccess http-status-code-403

recently I set up custom-made error documents for my server.

I started with a 404 page and this works like a charm: file not found automatically shows the specified 404.php page. However, with 403 I have some trouble. I set it up the same way, but I only get a blank page. It does not show the 403.php page as set in the .htaccess document. Any ideas?

Here is my code:

.htaccess:

Options -Indexes
ErrorDocument 403 /403.php
ErrorDocument 404 /404.php

php:

<?php 
header("HTTP/1.1 403 Unauthorized");
exit;
?>

Inbreed answered 22/1, 2014 at 15:39 Comment(3)

The code you post is a blank page :-? What do you expect it to print? – Interknit 22/1, 2014 at 15:43

@ÁlvaroG.Vicario He wants to force a 403 through some.php and the server automatically changes location to 403.php – Catchpenny 22/1, 2014 at 15:47

@DanFromGermany - You're right. I wrongly assumed it was the code in 403.php (and needlessly wondered why he was sending the status code again). – Interknit 22/1, 2014 at 16:0

The error document defined in the server's config only get's loaded when the server (Apache) encounters a 403 error.

If you force an error through PHP, like send 403 status code, this happens in PHP not in Apache.

So when you already know the site I want to render will fail due to unauthorized, why leave it up to apache what will happen?

<?php 
header("HTTP/1.1 403 Unauthorized");
// either:
header("Location: /403.php");
// or:
include('403.php');
exit;
?>

I started with a 404 page and this works like a charm:

Are you sure?

Do you have a script, sending 404 and get redirected to 404.php? Or did you just open a non-existent URI and got redirected?

Catchpenny answered 22/1, 2014 at 15:54 Comment(5)

Correct. The ErrorDocument directive is used to determine what Apache should send back when it replies to a request that triggers the given status code. If you generate the status code yourself, Apache doesn't know or care: your PHP script is already the output. – Interknit 22/1, 2014 at 15:58

@ÁlvaroG.Vicario Thanks for the confirmation! – Catchpenny 22/1, 2014 at 16:5

Thanks, this exactly answered my question! I was searching around before, but it was not clear. Now it is, thanks again! – Inbreed 22/1, 2014 at 17:4

Tried the redirect option after sending 403 header but I see HTTP/1.1 302 Found header in response instead. Am I doing anything wrong? – Neale 23/6, 2015 at 10:37

In addition to my previous comment, even if I only respond with header("HTTP/1.1 403 Unauthorized"); exit;, I see HTTP/1.1 200 OK response header with Content-Length: 0 – Neale 23/6, 2015 at 10:43

Go to your server's real 403 page. (Go to a forbidden URL on your server, or go to any 403 page you like)

Right-click and select 'view source'. Select all the source and save it to file on your domain like: http://domain.com/403.php

Now go to your real forbidden page (or a forbidden situation in some part of your php) example: http://domain.com/members/my_forbidden_page.php

echo this code below before any HTML output or header! (even a whitespace will cause PHP to send HTML/TEXT HTTP Header and it won't work) The code below should be your first line!

<?php header('HTTP/1.0 403 Forbidden');
$contents = file_get_contents('/home/your_account/public_html/domain.com/403.php', TRUE);
exit($contents);

I checked and verified with CPANEL Latest Visitors and it is registered as exact 403 event.

Krystin answered 6/10, 2015 at 18:5 Comment(0)

Recommended topics

Hot tags