HTTP/1.0 403 Forbidden

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

HTTP/1.0 403 Forbidden

Post by Benjamin »

In IE this works, but firefox gives me a blank page. Any way to fix that?

Code: Select all

if (!defined('SECURITY_CHECK')) {
  header("HTTP/1.0 403 Forbidden");
  exit();
}
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Sorry for nagging, but this code does neither work in IE nor in Firefox but on the server. Both browsers only react on the header generated by this script ;)

The IE has a feature called "Show friendly HTTP error messages", predefined messages for know response codes. If the message body is shorter than a certain threshold, the friendly error message is shown - and this certainly applies to a message body of length 0.

Code: Select all

<?php
if (!defined('SECURITY_CHECK')) {
  header('HTTP/1.0 403 Forbidden', true, 403);
  die('403 Forbidden');
} 
?>
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

I understand that the server processes it and sends the header :P

I didn't know that firefox doesn't display "Friendly Messages" though. That is a real bummer. What do you do for include files that you don't want a user to have direct access to? Just use exit() and send no content?
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

die('nice try');
or if you want IE users to see this message, too
die('nice try'.str_repeat(' ', 256));
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

LOL Image Cool
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Or really limit access to those files by your webserver.
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

or use an error generator with a nice styled page to match your sites theme and an apology in a central box.
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

I want to reuse the classes in other applications and I don't want to have a ton of code at the top of every page. I just want to be able to drop in a class without having to worry about modifying paths and the like. Besides, hackers don't need pretty little error pages.
Post Reply