Is it possible to kind of force a 403 or 404 error?
I have a kind of admin page, where I am trying to prevent hackers from getting into my filesystem on my server. (the path get’s delivered over the url and it would be possible to just pass a ../ into it and get up in my filestructure – I know that’s not a good thing to do it). Anyway If somebody tries to enter a ../ into my url I am currently just using a die(‘forbidden’) to make sure that this area on my server is forbidden.
I was wondering now if it’s actually possible to kind of fire a real forbidden 403 error? I’ve defined a 403 page in my .htaccess document which shows up if it’s a real 403. Is it possible to kind of fire a 403 so that the .htaccess links to the 403 page. I mean I could easily hardcode it and simply link to the 403 error page. I just wondered if this is possible?
Advertisement
Answer
Just issue
header("HTTP/1.0 403 Forbidden");
before any other output.
Also make sure you double, and triple check your path sanitizer.