Problem redirecting 403 Forbidden to 404 Not Found.

Question

The pertinent part of my .htaccess looks like this:

Options -Indexes
<FilesMatch include>
    Order allow,deny
    Deny from all
</FilesMatch>
RedirectMatch 404 ^/include(/.*)$

And it's generating the following responses:

• /include 403
• /include/ 404
• /include/config.inc 403

I can tell by looking at my pattern that problem is likely in the (/.*) part but everything I have tried gives me the same results; instead of consistently getting 404 I get a 404 for the one case and 403 for everything else. What is wrong with the expression I'm using? Alternatively since I have to do this for a few directories is there a blanket approach that would allow me to convert all 403 responses to 404?

UPDATE: I've found that by removing the FileMatch I get better results, so my .htaccess now looks like this:

Options -Indexes
RedirectMatch 404 ^/include(/.*)?$ # Added dlamblin's first suggestion

And generates the following responses:

• /include 404
• /include/ 404
• /include/config.inc 403

UPDATE: Interestingly enough I have discovered that the following produces different output:

RedirectMatch 404 ^/include(/?|/.*)$
RedirectMatch 404 ^/template(/?|/.*)$

The template pattern works on all cases however include is still generating 403 for all files in include (e.g. /include/config.inc) Could this be an issue with the directory name and not a problem with the .htaccess file itself?

UPDATE: The following in my .htaccess was conflicting with redirect when accessing /include/config.inc.

<FilesMatch config>
    Order allow,deny
    Deny from all
</FilesMatch>

Answer 1

Don't you want '^/include(/.*)?$'

This part is a guess, but what would happen if you put the RedirectMatch above the block. That way you wouldn't by denying (forbidding) access to a request before you redirect that request to 404.

Answer 2

I can understand why the /include isn't caught by your RedirectMatch, you aren't making the end '/' optional, however the /include/config.inc part is a bit on the puzzling side.

Here is what I got to work on Apache 2.2:

<FilesMatch /include(/?|/.*)>
    Order allow,deny
    Deny from all
</FilesMatch>

RedirectMatch 404 ^/include(/?|/.*)$

This handles these cases:

/include 404
/include/ 404
/include/config.inc 404

I had to change the FilesMatch part in order for the /include part to work properly.

EDIT:

The match line also works without the <FilesMatch> section in .htaccess and gives the expected results.

Answer 3

Another possibility is not to bother matching the whole path:

RedirectMatch 404 ^/include

If there are publicly visible URL paths that might start with "/include" (say, "/includeMe"), a small addition will separate the private from the public URLs:

RedirectMatch 404 ^/include(/|$)