I'm trying to display the error page in /temp/www/error403.html whenever a 403 error occurs.

This should be whenever a user tries to access the site via https (ssl) and its IP is in the blockips.conf file, but at the moment it still shows nginx's default error page. I have the same code for my other server (without any blocking) and it works.

Is it blocking the IP from accessing the custom 403 page? If so, how do I get it to work?

server  {
    # ssl
    listen               443;
    ssl                  on;
    ssl_certificate      /etc/nginx/ssl/site.in.crt;
    ssl_certificate_key  /etc/nginx/ssl/site.in.key;
    keepalive_timeout    70;

    server_name localhost;


    location / {
        root   /temp/www;
        index  index.html index.htm;
    }

    # redirect server error pages to the static page
    error_page   403  /error403.html;
    # location = /error403.html {
    #         root   /temp/www;
    # }

    # add trailing slash if missing
    if (-f $document_root/$host$uri) {
        rewrite ^(.*[^/])$ $1/ permanent;
    }

    # list of IPs to block
    include blockips.conf;
}

Edit: Corrected error_page code from 504 to 403 but I still have the same issue

A: 

It looks like there's a boo-boo in the listed configuration, as it is only sending error code 503 ("service unavailable") to the custom page, so for 403 ("forbidden") you probably want to use:

error_page  403  /error403.html;
ewall
(Here I'm assuming that the blockips.conf file is valid, with each line like `deny 1.2.3.4;`.)
ewall
Yes the blockips.conf is correct as far as I know, I only have this uncommented: deny all; (for testing)
Mint
Ok, I edited the config file with 403 not 503 now, did a reboot, and I still get the default '403 Forbidden nginx'. Any other ideas?
Mint
I just tried putting all the error codes (400-599 ex 499) and I still get the default nginx error page.
Mint
+1  A: 

I did heaps of googling before coming here, but did some more just now. Within 5 mins I had my answer :P

Seems I'm not the only person to have this issue:

http://www.cyberciti.biz/faq/unix-linux-nginx-custom-error-403-page-configuration/

Seems that I was right in thinking that access to my error page was getting blocked.

Mint
Bingo! Glad you found it.
ewall
A: 

The problem might be that you're trying to serve a 403 "Forbidden" error from a webserver that they are forbidden from accessing. Nginx treats the error_page directive as an internal redirect. So it is trying to serve https://example.com/error403.html which is also forbidden.

So you need to make the error page not served out of https like this:

error_page  403   http://example.com/error403.html;

or add the necessary "access allowed" options to the location for the error page path. The way to test this is to access the /error403.html page directly. If you can't access it that way, it isn't going to work when someone gets an actual 403 error.

randomstring
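
The second option from the answer above (allowing access to the error page's own location), written out as an added example that is not part of the original thread. It assumes blockips.conf holds only `deny ...;` lines as described in the comments, and it uses `listen 443 ssl;` in place of the older `ssl on;` form.

```nginx
server {
    listen               443 ssl;
    server_name          localhost;
    ssl_certificate      /etc/nginx/ssl/site.in.crt;
    ssl_certificate_key  /etc/nginx/ssl/site.in.key;
    keepalive_timeout    70;

    # Server-level deny rules. A location inherits them only if it
    # declares no allow/deny rules of its own.
    include blockips.conf;

    # A denied request gets 403, then nginx internally redirects to this
    # URI. The redirected request goes through location matching and the
    # access checks again, which is why the page itself was being blocked.
    error_page 403 /error403.html;

    location / {
        root   /temp/www;
        index  index.html index.htm;
        # no allow/deny here, so the blockips.conf rules apply
    }

    # Exact match for the error page only. The allow rule replaces the
    # inherited deny list for this single URI, so a blocked client can
    # receive the page body. The response status is still 403.
    # This file is reachable by every blocked address: keep it static
    # and free of internal details.
    location = /error403.html {
        root   /temp/www;
        allow  all;
    }
}
```

After `nginx -t` and a reload, a request from a blocked address should return status 403 with the contents of /temp/www/error403.html instead of the built-in page.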