Skip to content
Advertisement

How to enforce a http 403 or 404?

Is it possible to kind of force a 403 or 404 error?

I have a kind of admin page, where I am trying to prevent hackers from getting into my filesystem on my server. (the path get’s delivered over the url and it would be possible to just pass a ../ into it and get up in my filestructure – I know that’s not a good thing to do it). Anyway If somebody tries to enter a ../ into my url I am currently just using a die(‘forbidden’) to make sure that this area on my server is forbidden.

I was wondering now if it’s actually possible to kind of fire a real forbidden 403 error? I’ve defined a 403 page in my .htaccess document which shows up if it’s a real 403. Is it possible to kind of fire a 403 so that the .htaccess links to the 403 page. I mean I could easily hardcode it and simply link to the 403 error page. I just wondered if this is possible?

Advertisement

Answer

Just issue

header("HTTP/1.0 403 Forbidden");

before any other output.

Also make sure you double, and triple check your path sanitizer.

User contributions licensed under: CC BY-SA
10 People found this is helpful
Advertisement