Page 1 of 1
HTTP/1.0 403 Forbidden
Posted: Mon Aug 14, 2006 4:33 am
by Benjamin
In IE this works, but firefox gives me a blank page. Any way to fix that?
Code: Select all
if (!defined('SECURITY_CHECK')) {
header("HTTP/1.0 403 Forbidden");
exit();
}
Posted: Mon Aug 14, 2006 5:10 am
by volka
Sorry for nagging, but this code does neither work in IE nor in Firefox but on the server. Both browsers
only react on the header generated by this script
The IE has a feature called
"Show friendly HTTP error messages", predefined messages for know response codes. If the message body is shorter than a certain threshold, the
friendly error message is shown - and this certainly applies to a message body of length 0.
Code: Select all
<?php
if (!defined('SECURITY_CHECK')) {
header('HTTP/1.0 403 Forbidden', true, 403);
die('403 Forbidden');
}
?>
Posted: Mon Aug 14, 2006 5:22 am
by Benjamin
I understand that the server processes it and sends the header
I didn't know that firefox doesn't display "Friendly Messages" though. That is a real bummer. What do you do for include files that you don't want a user to have direct access to? Just use exit() and send no content?
Posted: Mon Aug 14, 2006 5:37 am
by volka
die('nice try');
or if you want IE users to see this message, too
die('nice try'.str_repeat(' ', 256));
Posted: Mon Aug 14, 2006 5:38 am
by Benjamin
LOL

Cool
Posted: Mon Aug 14, 2006 5:42 am
by volka
Or really limit access to those files by your webserver.
Posted: Mon Aug 14, 2006 5:50 am
by Jenk
or use an error generator with a nice styled page to match your sites theme and an apology in a central box.
Posted: Mon Aug 14, 2006 5:57 am
by Benjamin
I want to reuse the classes in other applications and I don't want to have a ton of code at the top of every page. I just want to be able to drop in a class without having to worry about modifying paths and the like. Besides, hackers don't need pretty little error pages.