Sundar Sundar - 2 months ago 16
Apache Configuration Question

Show customized error page for forbidden request

I am trying to validate the following URL's

http://www.domain.com/foldername/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd

But this was showing as 403 forbidden of default server error instead of customized error page

My

.htaccess
file configuration is

ErrorDocument 404 /404.php
ErrorDocument 403 /403.php


For Example,

For this URL we got the customized error page http://stackoverflow.com/welcome

enter image description here

But If we execute this URL we got the default error page of server

http://stackoverflow.com/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd

enter image description here

How to solve this issue?

Thanks in advance

Answer

You can add to your httpd.conf

AllowEncodedSlashes On 

And restart apache.

After that apache should treat your url as valid. ( so 404 page should be shown )