
I am using Ubuntu 19.10 with LAMP installed.
.htaccess file stored inside /EX/clean_url/handp/ folder:

    RewriteEngine on
    Options -Indexes
    Redirect /EX/clean_url/handp/access_denied.php

So I do not want to show the folder structure of handp.
When I try to see the folder structure of handp in Google Chrome, it redirects back to the access_denied.php page (this is good), but it does not display the content of the access_denied.php page because Google Chrome is giving me the error:

This page isn’t working
localhost redirected you too many times.
Try clearing your cookies.
ERR_TOO_MANY_REDIRECTS

I am also not able to view the content of the files inside the handp folder, like form.php etc. It redirects back to the access_denied.php page with the same Google Chrome error as above.

2 Answers


  1. You are redirecting any attempt to access the handp folder. That includes valid attempts and access_denied.php. Hence you’re getting the error “redirected you too many times”. It redirects you to the file, but because that file is inside that folder, it just triggers another redirect resulting in an infinite loop.

    Try this instead:

    RewriteEngine On 
    # If requested filename is not an existing file
    RewriteCond %{REQUEST_FILENAME} !-f
    # If requested filename is not an existing directory
    RewriteCond %{REQUEST_FILENAME} !-d 
    # Rewrite the url
    RewriteRule ^([^/]+)/?$ https://your_domain.com/handp/access_denied.php [R,L]
    

    This should redirect only if someone is trying to access a file or folder inside handp that doesn’t exist.

  2. I just want to NOT show the folder structure of handp like if someone give the path to that folder in a browser to see what’s inside of it.

    If you simply want to prevent the auto-generated directory structure being generated from mod_autoindex then all you need is:

    Options -Indexes
    

    (Which is what you already have.)

    This will result in a 403 Forbidden response for any user that requests the directory directly.

    If you want to return a custom 403 response then configure an ErrorDocument – you shouldn’t be externally redirecting (a 3xx response) to what appears to be an error document.

    For example:

    ErrorDocument 403 /EX/clean_url/handp/access_denied.php
    

    UPDATE: why it is not working when i gave relative path like ./access_denied.php

    The ErrorDocument directive requires a document-root relative URL-path, starting with a slash. A relative path is not supported. If you specify a relative path like ./access_denied.php (or access_denied.php) then it will be seen as literal text and it will simply output the string "./access_denied.php".

    why Redirect is not working in my .htaccess
    .htaccess file stored inside /EX/clean_url/handp/ folder-
    Redirect /EX/clean_url/handp/access_denied.php

    This directive is redirecting /EX/clean_url/handp/<anything> to /EX/clean_url/handp/access_denied.php, which will also catch the redirected request to access_denied.php and repeatedly redirect to itself, creating a redirect loop, until the browser eventually breaks with an ERR_TOO_MANY_REDIRECTS error (after about 20 redirects).

    What you needed to do was redirect /EX/clean_url/handp/ only. You can’t do this using Redirect since it uses simple prefix-matching. However, you can use the RedirectMatch directive, which uses regex matching. (But note that this naturally returns a 3xx response to the client, not a 403 Forbidden response as required, and exposes your access_denied.php script. This is then followed by a 200 OK response when access_denied.php is requested, unless you override the HTTP status in the access_denied.php script.)

    (Note that Redirect and RedirectMatch are mod_alias directives so do not require the RewriteEngine On directive, which is part of mod_rewrite.)

    For example:

    RedirectMatch ^(/EX/clean_url/handp/)$ $1access_denied.php
    

    The URL-path is captured in the $1 backreference and this is used in the target URL (saves repetition).

    Alternatively, you could internally rewrite the request using mod_rewrite (the URL does not change to expose access_denied.php, but you still need to make sure you return the appropriate 4xx HTTP status code from your script). For example:

    RewriteEngine On
    RewriteRule ^$ access_denied.php [L]
    

    Alternatively, you could simply change the DirectoryIndex for this (and subsequent) directory:

    DirectoryIndex /EX/clean_url/handp/access_denied.php
    

    If you don’t have subdirectories of /EX/clean_url/handp/, you could remove the URL-path:

    DirectoryIndex access_denied.php
    

    (Again, you’ll need to manually send the 4xx status code from your script.)

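The redirect loop described in the answers above, as an added Python model that is not part of either answer and is not Apache code: it follows each rule the way a client would and shows why the question's `Redirect` never terminates while the `RedirectMatch` rule does. The function names and the 20-hop client limit (taken from "about 20 redirects") are assumptions of the model, and the `Redirect` rule is modelled by the effect the second answer describes.

```python
import re

BASE = "/EX/clean_url/handp/"            # directory holding the .htaccess
TARGET = BASE + "access_denied.php"      # error page, inside that same directory
MAX_HOPS = 20                            # assumed client limit ("about 20 redirects")


def redirect_everything(path):
    """Question's Redirect rule, modelled as the answer describes its effect:
    any URL under BASE is sent to TARGET, including TARGET itself."""
    return TARGET if path.startswith(BASE) else None


_DIR_ONLY = re.compile(r"^(/EX/clean_url/handp/)$")


def redirect_match(path):
    """RedirectMatch ^(/EX/clean_url/handp/)$ $1access_denied.php
    Only the bare directory URL matches; $1 is the captured prefix."""
    m = _DIR_ONLY.search(path)
    return m.group(1) + "access_denied.php" if m else None


def follow(rule, path, max_hops=MAX_HOPS):
    """Follow redirects like a client would. Returns (outcome, chain), where
    outcome is 'served' (a URL no rule matched) or 'loop' (hop limit hit)."""
    chain = [path]
    for _ in range(max_hops):
        nxt = rule(chain[-1])
        if nxt is None:
            return "served", chain
        chain.append(nxt)
    return "loop", chain


def target_matches_itself(rule, target):
    """Static check: a rule that matches its own target redirects that target again."""
    return rule(target) is not None


if __name__ == "__main__":
    for name, rule in (("Redirect", redirect_everything), ("RedirectMatch", redirect_match)):
        for url in (BASE, BASE + "form.php"):
            outcome, chain = follow(rule, url)
            print(f"{name:13} {url:32} {outcome:6} after {len(chain) - 1} redirect(s)")
        print(f"{name:13} target matches its own rule: {target_matches_itself(rule, TARGET)}")
```

A "served" result after one redirect is still the 3xx-then-200 sequence the second answer warns about, not a 403; the model only covers termination.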