I wanted to blacklist some IP addresses on the fly. I'm updating the main httpd.conf, but I wanted to add some IPs on the fly without using .htaccess (or the heavy fail2ban). So I'm creating a list of IPs using a RewriteMap. It's working well, except when I want to output the 403 error.
Here is the code that is working:
<VirtualHost x.x.x.x:80>
RewriteEngine on
RewriteMap hosts-deny "txt:/var/www/htdocs/.deny"
RewriteCond "${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND}" ^-$ [NC]
RewriteRule .* /var/www/htdocs/error.php [L]
But it would make more sense to me to have it this way, meaning generating the 403 error:
<VirtualHost x.x.x.x:80>
RewriteEngine on
RewriteMap hosts-deny "txt:/var/www/htdocs/.deny"
RewriteCond "${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND}" ^-$ [NC]
RewriteRule .* - [L,F]
But then it throws the following error: "You don't have permission to access /index.php on this server. Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request."
But there is already a 403 error page that is working (located at /var/www/htdocs/error.php). I've tried to move the definition outside the section where it is working for the rest of the site, except for this new setup:
ErrorDocument 403 /error.php
or
ErrorDocument 403 /var/www/htdocs/error.php
Neither is working, meaning I still have the 500 Internal Server Error.
Any idea where I am wrong?
Thanks
The problem here is that the ErrorDocument must be available for the client. You have to insert a special rule allowing the download of that one file in order not to get an internal error. Something like this should do:

This also means that the first ErrorDocument directive is right: since the document gets served from the virtual host, it must be relative to the webroot (i.e. it should be /error.php, not /var/www/htdocs/error.php).
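
One way to write the exception this answer describes, as an added example that is not the answerer's own code: the deny rule is skipped for /error.php, so the internal request for the ErrorDocument is no longer refused by the same rule. The DocumentRoot line, the sample map entries and the Apache 2.4 `Require` syntax are assumptions not taken from the question.

```apache
<VirtualHost x.x.x.x:80>
    # Assumed webroot, inferred from the paths used in the question.
    DocumentRoot "/var/www/htdocs"

    RewriteEngine on

    # Plain-text map, one "key value" pair per line. Constructed sample:
    #   192.0.2.10    -
    #   198.51.100.7  -
    # httpd re-reads a txt: map when the file's mtime changes, so new
    # entries take effect without a restart.
    RewriteMap hosts-deny "txt:/var/www/htdocs/.deny"

    # URL path relative to the webroot, not a filesystem path.
    ErrorDocument 403 /error.php

    # The map file sits inside the webroot, so keep clients that are not
    # on the list from downloading it (Apache 2.4 syntax, assumed).
    <Files ".deny">
        Require all denied
    </Files>

    # After [F] fires, httpd internally requests /error.php and runs the
    # rewrite rules again for it. The first condition exempts that one
    # path, so the error page is served with the 403 status instead of
    # being refused a second time.
    RewriteCond "%{REQUEST_URI}" "!=/error.php"
    # The address is listed when the lookup returns "-"; unlisted
    # addresses return NOT-FOUND and fall through.
    RewriteCond "${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND}" "^-$"
    # [F] returns 403 and implies [L].
    RewriteRule .* - [F]
</VirtualHost>
```

With this exemption a listed address can also request /error.php directly, so that script should render only the error message.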