Home / server / Questions / 573117
Accepted
leedm777
Asked: 2014-02-05 08:05:27 +0800 CST

How do I force Apache to respond with 403 for http requests?

  • 772

I'm using Apache as a frontend for a RESTful service I'm building. All access to the service should come in over HTTPS, so I'd like Apache to respond to any HTTP access with a 403 message stating that secure access is required.

How would I configure Apache to do that?

<VirtualHost *:80>
        ServerName api.digiumcloud.net
        # Stuff to force 403 responses here
</VirtualHost>
apache-2.2

2 Answers

  1. Best Answer

    I think you may be best by simply redirecting your users to HTTPS. But to do what you want, I think the following should work:

    RewriteEngine on
RewriteRule /403-message.html - [L]
RewriteRule ^(.*)$ /403-message.html [L,R=403]
ErrorDocument 403 http://api.digiumcloud.net/403-message.html

    Of course you have to make a 403-message.html file with what you want.

    But to redirect to HTTPS:

    RewriteEngine on
RewriteRule ^(.*)$ https://api.digiumcloud.net/$1 [L,R]
    • 3

  2. Add SSLRequireSSL

    It isn't HTTPS so it will always result in a Forbidden 403 Error

    Redirecting HTTP to HTTPS using something like...

    RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule . https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

    Is the better solution, and does not hardcode the server or URI, preservice the URI as part of the redirection.

    However you have to do this in the server configs, and not in ".htaccess".

    If you used it in ".htaccess" with authentication, the authentication happens BEFORE the redirection (passwds get sent over HTTP in the clear).

    The server configs do not have that problem as the HTTP and HTTPS directives can be placed in separate VHosts.

    • 2