tags:

views:

354

answers:

3
+1  Q: 

Return custom 403 error page with nginx

Im trying to display the error page in /temp/www/error403.html whenever a 403 error occurs.

This should be whenever a user tries to access the site via https (ssl) and it's IP is in the blovkips.conf file, but at the moment it still shows nginx's default error page. I have the same code for my other server (without any blocking) and it works.

Is it blocking the IP from accessing the custom 403 page? If so how do I get it to work?

server  {
    # ssl
    listen               443;
    ssl                  on;
    ssl_certificate      /etc/nginx/ssl/site.in.crt;
    ssl_certificate_key  /etc/nginx/ssl/site.in.key;
    keepalive_timeout    70;

    server_name localhost;


    location / {
            root   /temp/www;
            index  index.html index.htm;
}

# redirect server error pages to the static page
error_page   403  /error403.html;
# location = /error403.html {
#         root   /temp/www;
# }

    # add trailing slash if missing
    if (-f $document_root/$host$uri) {
            rewrite ^(.*[^/])$ $1/ permanent;
    }      

    # list of IPs to block
    include blockips.conf;
}

Edit: Corrected error_page code from 504 to 403 but I still have the same issue

A: 

It looks like there's a boo-boo in the listed configuration, as it is only sending error code 503 ("service unavailable") to the custom page, so for 403 ("forbidden") you probably want to use:

error_page  **403**  /error403.html
ewall  2010-06-30 19:26:12
(Here I'm assuming that the blockips.conf file is valid, with each lines like `deny 1.2.3.4;`.)
ewall  2010-06-30 19:36:15
Yes the blockips.conf is correct as far as I know, I only have this uncommented: deny all; (for testing)
Mint  2010-07-01 00:02:12
Ok, I edited the config file with 403 not 503 now, done a reboot and I still get default '403 Forbidden nginx' any other ideas?
Mint  2010-07-01 00:08:17
I just tried putting all the error codes (400-599 ex 499) and I still get the default nginx error page.
Mint  2010-07-01 00:24:56
+1  A: 

I done heaps of google before coming here, but done some more just now. Within 5 mins I had my answer :P

Seems I'm not the only person have this issue:

http://www.cyberciti.biz/faq/unix-linux-nginx-custom-error-403-page-configuration/

Seems that I was right in thinking that access to my error page was getting blocked.

Mint  2010-07-01 01:08:33
Bingo! Glad you found it.
ewall  2010-07-01 14:26:32
A: 

The problem might be that you're trying to server a 403 "Forbidden" error from a webserver that they are forbidden from accessing. Nginx treats the error_page directive as an internal redirect. So it is trying to server https://example.com/error403.html which is also forbidden.

So you need to make the error page not served out of https like this:

error_page  403   http://example.com/error403.html

or add the necessary "access allowed" options to the location for the error page path. The way to test this is to access the /error403.html page directly. If you can't accesses that way, it isn't going to work when someone gets an actual 403 error.

randomstring  2010-07-01 18:56:35

related questions

Guidelines for asp.net website loading estimation?
Webserver to combine xml files?
Apache Webserver security and optimization tips
Binding a socket to port 80 in ansi c
Creating a REST webserver with security
Embedded Web Server in .NET
Runnning a Python web server as a service in Windows
Where has my ASP.NET State Service disappeared to?
What web server should I use with NetBeans?
How to Limit Download Speeds from my Website on my IIS Windows Server?
ssl_error_rx_record_too_long and Apache SSL
The ideal multi-server LAMP environment
Why won't an Ajax Script Work Locally?
How do I remove loadbalancer pollution from my access logs
How to put up an off-the-shelf https to http gateway?
How do I get sun webserver to redirect from /
How to handle file uploads to a dedicated image server?
How do I write a python HTTP server to listen on multiple ports?
Best way to determine the number of servers needed
WebDev.WebServer.EXE Crashes After VS 2008 SP1 Install
Difference between the Apache HTTP Server and Apache Tomcat?
How do I replicate content on a web farm
Web server farms with IIS ? Basic Infos
User authentication on Resin webserver
HTTP: Generating ETag Header