Reputation: 761
Apache - Require all denied HTTP status code
I am using Apache 2.4 and I am blocking an access to a specific sub-domain for everyone except one IP address.
.htaccess:
Require all denied
Require ip 111.222.333.444
This returns an "403 Forbidden" status code.
How can I make it return "404 Not Found"?
No-one from outside should know about the existence of this sub-domain. So, from external point of view, I would like to make it "invisible". Thus, everyone who goes to that domain, will receive 404 as if it does not exist.
Is it possible?
Upvotes: 4
Views: 2837
Answers (2)
Reputation: 22821
You can use a RewriteRule:
RewriteCond %{REMOTE_ADDR} !^111.222.333.444$
RewriteRule ^ - [R=404,L]
However, this doesn't really hide the fact a sub-domain exists. It returns a page not found, which is not the same thing. Presumably your subdomain still has a DNS entry, so it can be looked up.
I would also question the need to do this, 403 exists for a reason and I can't see why not to return it. Whether or not you return a 403 or a 404, the site still exists so I don't know what you're trying to achieve. No method would be enough to deter a determined hacker, and it's probably a safer method to deny an ip at server level rather than trying to obfuscate via http redirects.
Upvotes: 4
Reputation: 141
Using mod _rewrite may not be as elegant as simply denying the ip but it should get it done as follows.
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !=111.222.333.444
RewriteRule ^(.*)$ - [R=404]
Upvotes: 1
Related Questions
- .htaccess: Require all denied not respected
- In a .htaccess in Apache 2.4, the custom ErrorDocument 403 page not displayed on Require all denied
- Redirect all Apache 2.2 403 Forbidden to 404 Not Found
- Directory require all denied not working
- Exceptions in .htaccess
- What could cause deny,allow directive to be ignored in .htaccess?
- Requests to .htaccess should return 404 instead of 403
- .htaccess deny from all BUT server
- .htaccess: Deny from all
- .htaccess 403 Forbidden exclusions