Page 1 of 1

HTTP/1.0 403 Forbidden

Posted: Mon Aug 14, 2006 4:33 am
by Benjamin
In IE this works, but firefox gives me a blank page. Any way to fix that?

Code: Select all

if (!defined('SECURITY_CHECK')) {
  header("HTTP/1.0 403 Forbidden");
  exit();
}

Posted: Mon Aug 14, 2006 5:10 am
by volka
Sorry for nagging, but this code does neither work in IE nor in Firefox but on the server. Both browsers only react on the header generated by this script ;)

The IE has a feature called "Show friendly HTTP error messages", predefined messages for know response codes. If the message body is shorter than a certain threshold, the friendly error message is shown - and this certainly applies to a message body of length 0.

Code: Select all

<?php
if (!defined('SECURITY_CHECK')) {
  header('HTTP/1.0 403 Forbidden', true, 403);
  die('403 Forbidden');
} 
?>

Posted: Mon Aug 14, 2006 5:22 am
by Benjamin
I understand that the server processes it and sends the header :P

I didn't know that firefox doesn't display "Friendly Messages" though. That is a real bummer. What do you do for include files that you don't want a user to have direct access to? Just use exit() and send no content?

Posted: Mon Aug 14, 2006 5:37 am
by volka
die('nice try');
or if you want IE users to see this message, too
die('nice try'.str_repeat(' ', 256));

Posted: Mon Aug 14, 2006 5:38 am
by Benjamin
LOL Image Cool

Posted: Mon Aug 14, 2006 5:42 am
by volka
Or really limit access to those files by your webserver.

Posted: Mon Aug 14, 2006 5:50 am
by Jenk
or use an error generator with a nice styled page to match your sites theme and an apology in a central box.

Posted: Mon Aug 14, 2006 5:57 am
by Benjamin
I want to reuse the classes in other applications and I don't want to have a ton of code at the top of every page. I just want to be able to drop in a class without having to worry about modifying paths and the like. Besides, hackers don't need pretty little error pages.