Hi,
I have installed an .htacess file on my server that includes the IP addresses of any user I have caught attempting a DDoS, unix command, file command, mysql commands or hidden perl script execution.

ErrorDocument 403 /403.html
order allow,deny
deny from xxx.xxx.xxx.xx
allow from all

The interesting thing is that the ErrorDocument statement is apparently redundent and since the IP address is denied the 403.html display is also denied!

How is this error page used? Does it only work if I put the 403.html in a higher directory than the .htaccess?

Like:
ErrorDocument 403 ../403.html

Regards,
Stan

Not sure what you mean. ErrorDocument just specifies document. Permissions are not directly related, except that a 403 (access denied) error produces a 403 ErrorDocument.


Likewisel, you don't put access directives under an ErrorDocument directive.

What I mean is I get this message; only this one is for a 404 error. I didn't want to deny myself to show the actual 403 message.
I am thinking that the 403.html cannot be accessed because the IP is Denied all access even to the 403.html.

Are you also saying that the ErrorDocument directive should be under the access directives? Or are they mutually exclusive?

Thanks, by the way for responding. I know I have a lot to learn.

Stan D

No, what I am saying is that the ErrorDocument directive points to an error document, and nothing more. You are confusing assess directives with document directives, and I am not sure why.

The Apache documents are pretty clear on this, for example:

http://httpd.apache.org/docs/1.3/custom-error.html

I think I do understand that the ErrorDocument 403 /403.html points to a html document that will be called when a 403 error is generated instead of the hard coded error message of "access denied". I have an html page for 404 errors that works when the user requests a non-existent page. It tells the user that the page is not there and provides a link to the home page.

What I'm attempting to understand is how to display my own error message for a "403" error; access denied to a certain IP address. It is my understanding that you deny access with the line: deny from xxx.xxx.xxx.xx
Where the x's are a valid IP address. In fact this works and the requesting machine with that IP addess is indeed presented with the server's hard coded message of 403, access denied.
BUT it also adds that in addition there was an error in attempting to present the 403.html page that I have custom designed with information to the user as to how to get reinstated or removed from the deny list.

So my error document statement works for the 404 error, but not the 403 error.

Sorry to keep posting here, but I'm still not clear as to how one would use a ErrorDocument 403 to replace the hard coded message and to exclude an IP address. The "deny from xxx.xxx.xxx.xx" does generate the 403 error, but the 403.html does not display.

How would you do this task? Maybe an example would be clearer. I did read the info on the link provided.

Regards,
Stan

Never mind I got it working. The problem was in my html, not my thinking. I do understand how it's supposed to work!

It should work as I described and in fact it does. A banned IP address now gets my 403.html message as does someone who attempts to det a directory listing.

SD