I'm having a very specific issue with a site I'm building that is set up to use friendly URLs and custom error pages. I've been reading the message boards for days and although there are a lot of similar seeming posts, nothing addresses this problem specifically... at least to my newbie eyes.
Mostly everything on my site is running ok:
Where I'm running into trouble is if the URL gets corrupted to contain a single space followed by a forward slash:
When this happens a 403 error gets triggered but it doesn't load the custom 403.php page.
Noteably, this problem does not occur if the URL lacks the trailing slash:
These all trigger 404 errors rather than 403, which is what I would like to happen when the trailing slash is included.
I realize this is a very specific situation that will only occur if someone mangles a url while they're typing it in, but I would love for it to not happen. I talked with my web host and they said everything is correct on their end.
Here's the code I'm currently running in .htaccess in my /public-html/ directory:
ErrorDocument 403 https://www.example.com/403.php
# Begin EnforceSSL
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www.)?example.com$
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L]
</IfModule>
# End EnforceSSL
RewriteEngine On
RewriteBase /
# The Friendly URLs part
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?$1 [L,QSA,NC]
and here's the code in index.php which handles the friendly URLs:
<?php
// Create a URL array containing any passed variables, including requested page
$URL = explode("/", $_SERVER[QUERY_STRING]);
// Load the page
if (trim($URL[0]) == "index"){
require_once("home.php");
} else if (trim(($URL[0]) == "")){
require_once("home.php");
} else if (file_exists(strtolower(trim($URL[0])).".php")) {
require_once(strtolower(trim($URL[0])).".php");
} else {
require_once("404.php");
}
?>
Any help is greatly appreciated!
it's just a default Apache response: "403 Forbidden Forbidden You don't have permission to access / / on this server."
There is likely a rule (mod_security perhaps) that is defined in the server config that is blocking such requests. The issue here is that the ErrorDocument
defined in .htaccess
is too late to serve your custom response. You would need to define the ErrorDocument
earlier in the server config.
If you are on a shared server then you will need to contact your host to debug this further.