tags:

views:

40

answers:

4
+2  Q: 

Give 404 on existing folder/directory

I have a folder in my root that i want no one to know of. Even if someone types in it correct i want to throw a 404 not found.

Would this be Possible to do with mod-rewrite perhaps?

I cant store it outside root right now, dont ask why

Thanks!

+1  A: 

Is throwing a 403 out of the question? If you have shell access, you can chmod the directory so the web user cannot read or stat it.

Tristan  2010-07-17 20:52:38
At the very least, throwing a 404 is not the correct HTTP status. 204 No Content, a 301 Redirect, 401 Unauthorized by adding security, or a 403 Forbidden is fine.
Jordan  2010-07-17 21:05:25
True, although RFC 2616 does say "This status code is commonly used when the server does not wish to reveal exactly why the request has been refused." It's sort of an implicit endorsement (or at least recognition) of the practice of using 404 to "pretend" that an existing file isn't there without revealing why.
David Zaslavsky  2010-07-18 03:35:50
A: 

I did not try this, but I guess you could redirect to something that does not exist.

zvonimir  2010-07-17 20:54:31
A: 

Create a custom 404 page and then set mod_rewrite up to rewrite requests to the offending directory to the custom 404 file. Custom 404 pages are generally good practice anyway so you get two for the price of one by doing this.

hollsk  2010-07-17 20:54:55
A: 

I'd first suggest moving the file out of the web root, unless you have a really good reason not to (and I won't easily be convinced that you do).

If you're intent on not doing that, use Tristan's suggestion of a 403 error. Something like

<Files /path/to/docroot/nameoffile>
    Order allow,deny
    Deny from all
</Files>

If you're really intent on not doing that, you should be able to use an alias to redirect the URL to a nonexistent location:

Alias /nameoffile /path/that/doesnt/exist

The same could be done with mod_rewrite,

RewriteRule /nameoffile /path/that/doesnt/exist [L]

The rewrite is more computationally expensive, but it might be your only option if you don't have access to the main server configuration.

David Zaslavsky  2010-07-17 20:59:00
To make the `RewriteRule` case a little more efficient, you can avoid rewriting at all and do `RewriteRule ^/nameoffile - [R=404]` to immediately throw a 404 status on the match. It kind of bastardizes the semantics of the `R` flag, but `mod_rewrite` considers it entirely acceptable.
Tim Stone  2010-07-17 23:52:53

related questions

How do I add a MIME type to .htaccess?
Difference between the Apache HTTP Server and Apache Tomcat?
How do I support SSL Client Certificate authentication?
Why can't I connect to my CAS server with Perl's AuthCAS?
Cleanest & Fastest server setup for Django
Installing Apache Web Server on 64 Bit Mac
Running Apache alongside another web server?
Algorithm behind MD5Crypt
Can you compile Apache HTTP Server and redeploy its binaries to a different location ?
mod_rewrite rule to redirect all requests except for one specific path
How do I create a self signed SSL certificate to use while testing a web app.
Software for Webserver Log Analysis?
What is the difference between an endpoint, a service, and a port when working with webservices?
What are the proper permissions for an upload folder with PHP/Apache?
mod_rewrite to alias one file suffix type to another
How do you redirect HTTPS to HTTP?
Using mod_rewrite to Mimic SSL Virtual Hosts?
User authentication on Resin webserver
How do you set up Python scripts to work in Apache 2.0?
Block user access to internals of a site using HTTP_REFERER
.htaccess directives to *not* redirect certain URLs
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP