I am using Ubuntu 19.10 with LAMP installed.
.htaccess file stored inside /EX/clean_url/handp/
folder-
RewriteEngine on
Options -Indexes
Redirect /EX/clean_url/handp/access_denied.php
So I do not want to show the folder structure of handp
.
When I try to see the folder structure of handp
in Google-Chrome then it is redirecting back to access_denied.php
page (this is good) but it is not displaying the content of access_denied.php
page because Google-Chrome’ is giving me the error
This page isn’t working
localhost redirected you too many times.
Try clearing your cookies.
ERR_TOO_MANY_REDIRECTS
I am also not able to view the file’s content present inside the handp
folder like form.php
etc. It is redirecting back to access_denied.php
page with same Google-Chrome error as above.
2
Answers
You are redirecting any attempt to access the
handp
folder. That includes valid attempts andaccess_denied.php
. Hence you’re getting the error “redirected you too many times”. It redirects you to the file, but because that file is inside that folder, it just triggers another redirect resulting in an infinite loop.Try this instead:
This should redirect only if someone is trying to access a file or folder inside
handp
that doesn’t exist.If you simply want to prevent the auto-generated directory structure being generated from mod_autoindex then all you need is:
(Which is what you already have.)
This will result in a 403 Forbidden response for any user that requests the directory directly.
If you want to return a custom 403 response then configure an
ErrorDocument
– you shouldn’t be externally redirecting (a 3xx response) to what appears to be an error document.For example:
The
ErrorDocument
directive requires a document-root relative URL-path, starting with a slash. A relative path is not supported. If you specify a relative path like./access_denied.php
(oraccess_denied.php
) then it will be seen as literal text and it will simply output the string "./access_denied.php".This directive is redirecting
/EX/clean_url/handp/<anything>
to/EX/clean_url/handp/access_denied.php
, which will also catch the redirected request toaccess_denied.php
and repeatedly redirect to itself creating a redirect loop, until the browser eventually breaks with a ERR_TOO_MANY_REDIRECTS error (after about 20 redirects).What you needed to do was redirect
/EX/clean_url/handp/
only. You can’t do this usingRedirect
since it uses simple prefix-matching. However, you can use theRedirectMatch
directive that it uses regex matching. (But note that this naturally returns a 3xx response to the client, not a 403 Forbidden response as required and exposes youraccess_denied.php
script. This is then followed by a 200 OK response whenaccess_denied.php
is requested, unless you override the HTTP status in theaccess_denied.php
script.)(Note that
Redirect
andRedirectMatch
are mod_alias directives so do not require theRewriteEngine On
directive, which is part of mod_rewrite.)For example:
The URL-path is captured in the
$1
backreference and this is used in the target URL (saves repetition).Alternatively, you could internally rewrite the request using mod_rewrite (the URL does not change to expose
_access_denied.php
, but you still need to make sure you return the appropriate 4xx HTTP status code from your script). For example:Alternatively, you could simply change the
DirectoryIndex
for this (and subsequent) directory:If you don’t have subdirectories of
/EX/clean_url/handp/
, you could remove the URL-path:(Again, you’ll need to manually send the 4xx status code from your script.)