ErrorDocument failing to load
- Thread starter MentaL
- Start date
this is same as apache.
http://httpd.apache.org/docs/2.2/mod/core.html#errordocument
ErrorDocument 403 "Sorry can't allow you access today"
should always work either in .htaccess or httpd.conf
http://httpd.apache.org/docs/2.2/mod/core.html#errordocument
ErrorDocument 403 "Sorry can't allow you access today"
should always work either in .htaccess or httpd.conf
here's Mental's case:
1. put bad IP in
lsws web admin -> Server -> Security -> Denied List
2. expectation:
when the bad IP access the web server (any domain on it), the server return customized 403 error html page.
my comments:
1. when bad IP in server level "Denied List" access any of the website, lsws will reset the connection at once, won't do any further operations, like looking for which virtual host or which error page etc. in firefox, the message is "The connection was reset". this is why customized 403 page not work in this case.
2.when adding an bad IP in "Denied List", it requires a lsws restart, this is not efficient at all.
best to bad this IP at OS firewall, it's much more efficient. and no need restart firewall. here's the command FYI:
#iptables -I INPUT -s bad-ip-address -j DROP
3. tested and confirmed ErrorDocument works as apache.
1. put bad IP in
lsws web admin -> Server -> Security -> Denied List
2. expectation:
when the bad IP access the web server (any domain on it), the server return customized 403 error html page.
my comments:
1. when bad IP in server level "Denied List" access any of the website, lsws will reset the connection at once, won't do any further operations, like looking for which virtual host or which error page etc. in firefox, the message is "The connection was reset". this is why customized 403 page not work in this case.
2.when adding an bad IP in "Denied List", it requires a lsws restart, this is not efficient at all.
best to bad this IP at OS firewall, it's much more efficient. and no need restart firewall. here's the command FYI:
#iptables -I INPUT -s bad-ip-address -j DROP
3. tested and confirmed ErrorDocument works as apache.
that's fine. you can ban it in .htaccess
RewriteCond %{REMOTE_ADDR} ^1.1.1.1$ [OR]
RewriteCond %{REMOTE_ADDR} ^2.2.2.2$
RewriteRule .* - [F,L]
the customized 403 page will be returned for access from bad IPs.
so only need update .htaccess when adding a new bad IP, which lsws restart is not required.
note: put above rules at the very begining of .htaccess.
RewriteCond %{REMOTE_ADDR} ^1.1.1.1$ [OR]
RewriteCond %{REMOTE_ADDR} ^2.2.2.2$
RewriteRule .* - [F,L]
the customized 403 page will be returned for access from bad IPs.
so only need update .htaccess when adding a new bad IP, which lsws restart is not required.
note: put above rules at the very begining of .htaccess.