.htaccess deny all, including the htaccess file and display 404 - how do I do it?
How do I do this in my .htaccess file for a specific directory in my document root?:
- deny all access to anything (including the .htaccess too)
- return a 404, not a 403 error
- no files or subdirectories should be accessible or detected by humans or bots
- only php access by the local host would be allowed
Seems like it would be simple. This works but throws a 403 not a 404:
deny from all
Why not create a custom error page?
deny from all ErrorDocument 403 /error/404.html
The server will always want to throw a 403 error if someone is not authorized to view the page and that's what you're trying to do. However, you can change the ErrorDocument for error 403 to show an HTML page that says it's a 404 error.
My example has a folder in the root directory named error and an html file in it named 404.html.
Have you tried something like this? This will force a 403 Forbidden error when someone tries to view anything in DIRECTORY. PHP scripts can still access everything inside the directory. Obviously replace DIRECTORY with your preferred directory.
RewriteRule ^DIRECTORY - [F]
I do not like sending some html page that says it's a 404 error when really it is just an html page that may as well be located at Iamafake404error.html
You might try this instead:
Order Deny,Allow Deny from all Allow from 126.96.36.199 ErrorDocument 403 /throwaREAL404error.html ErrorDocument 404 /throwaREAL404error.html ErrorDocument 500 /throwaREAL404error.html ### never deliver .git folders, .gitIgnore RewriteRule ^(.*/)?\throwaREAL404error.html+ - [R=404,L] # 2nd line of defense (if no mod_rewrite) RedirectMatch 404 ^(.*/)?\throwaREAL404error+