I'd like to change certain directories ( like /icons/) from 403 forbidden to 404 not found












0















I got security check and I have to fix the problems.



I operate the homepage via virtual machine (Ubuntu 16.04.3) by apache2 (Apache 2.4.18).



The security check said that accessing ~/icons/, ~/icons/small/, ~/javascript/ get respond status code 403 (Forbidden) and I have to change them to status code 404 (Not Found) for security.



So, I add in .htaccess file



RedirectMatch 404 /icons/

RedirectMatch 404 /icons/small/ 

RedirectMatch 404 /javascript/


but it didn't work...



Acutally when I add 



RedirectMatch 404 /intro/


then it works in ~/intro/



So, I think the /icons/ and /javascript/ are something different.



Does anybody know why and how to deal with it?



/icons/ is aliased to /usr/share/apache2/icons/ and I change to 



RedirectMatch 404 /usr/share/apache2/icons/


but it also doesn't work....






apache2







share|improve this question





























    0















    I got security check and I have to fix the problems.



    I operate the homepage via virtual machine (Ubuntu 16.04.3) by apache2 (Apache 2.4.18).



    The security check said that accessing ~/icons/, ~/icons/small/, ~/javascript/ get respond status code 403 (Forbidden) and I have to change them to status code 404 (Not Found) for security.



    So, I add in .htaccess file



    RedirectMatch 404 /icons/
    
RedirectMatch 404 /icons/small/ 
    
RedirectMatch 404 /javascript/


    but it didn't work...



    Acutally when I add 



    RedirectMatch 404 /intro/


    then it works in ~/intro/



    So, I think the /icons/ and /javascript/ are something different.



    Does anybody know why and how to deal with it?



    /icons/ is aliased to /usr/share/apache2/icons/ and I change to 



    RedirectMatch 404 /usr/share/apache2/icons/


    but it also doesn't work....






    apache2







    share|improve this question



























      0












      0








      0








      I got security check and I have to fix the problems.



      I operate the homepage via virtual machine (Ubuntu 16.04.3) by apache2 (Apache 2.4.18).



      The security check said that accessing ~/icons/, ~/icons/small/, ~/javascript/ get respond status code 403 (Forbidden) and I have to change them to status code 404 (Not Found) for security.



      So, I add in .htaccess file



      RedirectMatch 404 /icons/
      
RedirectMatch 404 /icons/small/ 
      
RedirectMatch 404 /javascript/


      but it didn't work...



      Acutally when I add 



      RedirectMatch 404 /intro/


      then it works in ~/intro/



      So, I think the /icons/ and /javascript/ are something different.



      Does anybody know why and how to deal with it?



      /icons/ is aliased to /usr/share/apache2/icons/ and I change to 



      RedirectMatch 404 /usr/share/apache2/icons/


      but it also doesn't work....






      apache2







      share|improve this question
















      I got security check and I have to fix the problems.



      I operate the homepage via virtual machine (Ubuntu 16.04.3) by apache2 (Apache 2.4.18).



      The security check said that accessing ~/icons/, ~/icons/small/, ~/javascript/ get respond status code 403 (Forbidden) and I have to change them to status code 404 (Not Found) for security.



      So, I add in .htaccess file



      RedirectMatch 404 /icons/
      
RedirectMatch 404 /icons/small/ 
      
RedirectMatch 404 /javascript/


      but it didn't work...



      Acutally when I add 



      RedirectMatch 404 /intro/


      then it works in ~/intro/



      So, I think the /icons/ and /javascript/ are something different.



      Does anybody know why and how to deal with it?



      /icons/ is aliased to /usr/share/apache2/icons/ and I change to 



      RedirectMatch 404 /usr/share/apache2/icons/


      but it also doesn't work....






      apache2




      apache2






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Dec 30 '18 at 10:14









      vidarlo

      9,47352445




      9,47352445










      asked Dec 30 '18 at 9:11









      dreamcacaodreamcacao

      1




      1






















          1 Answer
          1






          active

          oldest

          votes


















          0














          First of all, this is essentially cover your ass security. If you use any resources from /icons/ it will be fairly obvious that it is there, and a 404 will not change that. A 403 indicates that the server is correctly configured.



          If you really want to do this, RedirectMatch is the way to go.



          RedirectMatch 404 ^/icons/$


          will return 404 for example.com/icons/, but not example.com/icons/foo.png.



          RedirectMatch 404 ^/icons/.*$


          will return for example.com/icons/foo.png (and any other file in icons) as well.



          Note that if the resources in /icons/ are referenced directly in the output to the browser, this does not improve security in any way, as it's trivially evident that /icons exists. If they are not referenced in the output, but merely used as input for scripts, you should consider moving them out of webroot.






          share|improve this answer
























          • Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.

            – dreamcacao
            Dec 31 '18 at 6:10













          • Is the URL example.com/~/icons?

            – vidarlo
            Dec 31 '18 at 11:00











          • No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....

            – dreamcacao
            Jan 4 at 1:19













          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "89"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1105555%2fid-like-to-change-certain-directories-like-icons-from-403-forbidden-to-404%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0














          First of all, this is essentially cover your ass security. If you use any resources from /icons/ it will be fairly obvious that it is there, and a 404 will not change that. A 403 indicates that the server is correctly configured.



          If you really want to do this, RedirectMatch is the way to go.



          RedirectMatch 404 ^/icons/$


          will return 404 for example.com/icons/, but not example.com/icons/foo.png.



          RedirectMatch 404 ^/icons/.*$


          will return for example.com/icons/foo.png (and any other file in icons) as well.



          Note that if the resources in /icons/ are referenced directly in the output to the browser, this does not improve security in any way, as it's trivially evident that /icons exists. If they are not referenced in the output, but merely used as input for scripts, you should consider moving them out of webroot.






          share|improve this answer
























          • Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.

            – dreamcacao
            Dec 31 '18 at 6:10













          • Is the URL example.com/~/icons?

            – vidarlo
            Dec 31 '18 at 11:00











          • No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....

            – dreamcacao
            Jan 4 at 1:19


















          0














          First of all, this is essentially cover your ass security. If you use any resources from /icons/ it will be fairly obvious that it is there, and a 404 will not change that. A 403 indicates that the server is correctly configured.



          If you really want to do this, RedirectMatch is the way to go.



          RedirectMatch 404 ^/icons/$


          will return 404 for example.com/icons/, but not example.com/icons/foo.png.



          RedirectMatch 404 ^/icons/.*$


          will return for example.com/icons/foo.png (and any other file in icons) as well.



          Note that if the resources in /icons/ are referenced directly in the output to the browser, this does not improve security in any way, as it's trivially evident that /icons exists. If they are not referenced in the output, but merely used as input for scripts, you should consider moving them out of webroot.






          share|improve this answer
























          • Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.

            – dreamcacao
            Dec 31 '18 at 6:10













          • Is the URL example.com/~/icons?

            – vidarlo
            Dec 31 '18 at 11:00











          • No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....

            – dreamcacao
            Jan 4 at 1:19
















          0












          0








          0







          First of all, this is essentially cover your ass security. If you use any resources from /icons/ it will be fairly obvious that it is there, and a 404 will not change that. A 403 indicates that the server is correctly configured.



          If you really want to do this, RedirectMatch is the way to go.



          RedirectMatch 404 ^/icons/$


          will return 404 for example.com/icons/, but not example.com/icons/foo.png.



          RedirectMatch 404 ^/icons/.*$


          will return for example.com/icons/foo.png (and any other file in icons) as well.



          Note that if the resources in /icons/ are referenced directly in the output to the browser, this does not improve security in any way, as it's trivially evident that /icons exists. If they are not referenced in the output, but merely used as input for scripts, you should consider moving them out of webroot.






          share|improve this answer













          First of all, this is essentially cover your ass security. If you use any resources from /icons/ it will be fairly obvious that it is there, and a 404 will not change that. A 403 indicates that the server is correctly configured.



          If you really want to do this, RedirectMatch is the way to go.



          RedirectMatch 404 ^/icons/$


          will return 404 for example.com/icons/, but not example.com/icons/foo.png.



          RedirectMatch 404 ^/icons/.*$


          will return for example.com/icons/foo.png (and any other file in icons) as well.



          Note that if the resources in /icons/ are referenced directly in the output to the browser, this does not improve security in any way, as it's trivially evident that /icons exists. If they are not referenced in the output, but merely used as input for scripts, you should consider moving them out of webroot.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Dec 30 '18 at 10:13









          vidarlovidarlo

          9,47352445




          9,47352445













          • Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.

            – dreamcacao
            Dec 31 '18 at 6:10













          • Is the URL example.com/~/icons?

            – vidarlo
            Dec 31 '18 at 11:00











          • No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....

            – dreamcacao
            Jan 4 at 1:19





















          • Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.

            – dreamcacao
            Dec 31 '18 at 6:10













          • Is the URL example.com/~/icons?

            – vidarlo
            Dec 31 '18 at 11:00











          • No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....

            – dreamcacao
            Jan 4 at 1:19



















          Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.

          – dreamcacao
          Dec 31 '18 at 6:10







          Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.

          – dreamcacao
          Dec 31 '18 at 6:10















          Is the URL example.com/~/icons?

          – vidarlo
          Dec 31 '18 at 11:00





          Is the URL example.com/~/icons?

          – vidarlo
          Dec 31 '18 at 11:00













          No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....

          – dreamcacao
          Jan 4 at 1:19







          No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....

          – dreamcacao
          Jan 4 at 1:19




















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Ask Ubuntu!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1105555%2fid-like-to-change-certain-directories-like-icons-from-403-forbidden-to-404%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          flock() on closed filehandle LOCK_FILE at /usr/bin/apt-mirror

          Image
          0 I recently upgraded an Ubuntu 16.04 virtual machine to 18.04. I regularly use this VM to run apt-mirror at school on their high-speed internet, then rsync these files to my rack-mount server at home for updating multiple computers at home without wasting the tiny amount of bandwidth I have there. Since updating I can't get apt-mirror to run on my VM. It keeps giving the error: flock() on closed filehandle LOCK_FILE at /usr/bin/apt-mirror line 214 immediately followed by: apt-mirror is already running, exiting at /usr/bin/apt-mirror line 217 apt-mirror is NOT running, and does not have a cron job. I've tried rebooting, and even looked for the old-style lockfile to delete, but I guess that method is no longer used. Is there some way to force unlock this so I can run apt-mirror? UPDATE: So... I f
          Read more

          Mangá

          Image
            Nota:  Não confundir com Manga. Mangás e Animes Mangá Mangaká • Tankōbon Film comic La nouvelle manga Mangá original em inglês Anime História Animação influenciada por animes • Filler • OVA • Seiyū Públicos Kodomo • Shōjo • Shōnen Josei • Seinen Gêneros Mahō shōjo • Mecha • Harém Ecchi • Hentai ( Yaoi • Yuri Futanari • Shotacon • Lolicon Toddlercon ) Termos Bishōjo • Chibi • Fan service Gaiden • Kawaii • Kaitō • Light novel Mahō shōnen • Moe (antropomorfismo • Kemonomimi Nekomimi ) • Super deformed Omake • Tsundere • Yonkoma Listas Mangás • Animes • Ecchi • Mangaka • Estúdios • Revistas Fãs ( otaku ) Anime Music Video Convenções • Cosplay Dōjinshi • Fansub • Fandub • Fujoshi OS-tan • Scanlation Portal de Anime e mangá v d e O mangá (português brasileiro) ou manga (português europeu) [ 1 ] (em japonês: 漫画 , manga ? , lit. “história em quadrinhos”) , é a
          Read more

           ⁒  ․,‪⁊‑⁙ ⁖, ⁇‒※‌, †,⁖‗‌⁝    ‾‸⁘,‖⁔⁣,⁂‾
”‑,‥–,‬ ,⁀‹⁋‴⁑ ‒ ,‴⁋”‼ ⁨,‷⁔„ ‰′,‐‚ ‥‡‎“‷⁃⁨⁅⁣,⁔
⁇‘⁔⁡⁏⁌⁡‿‶‏⁨ ⁣⁕⁖⁨⁩⁥‽⁀  ‴‬⁜‟ ⁃‣‧⁕‮ …‍⁨‴ ⁩,⁚⁖‫ ,‵ ⁀,‮⁝‣‣ ⁑  ⁂– ․, ‾‽ ‏⁁“⁗‸ ‾… ‹‡⁌⁎‸‘ ‡⁏⁌‪ ‵⁛ ‎⁨ ―⁦⁤⁄⁕

          ⁉…‧ ⁩,“⁡‹⁃‽⁞•,⁠‚  ⁓⁎  ⁜ ‴ ⁥⁡⁎‭,‍‑⁁⁌⁦ ⁁‟⁙‥‒“⁈ ,‪⁧ ⁙‿⁇⁦,⁝‘ ⁎“⁘‫‪,‗‹‛‹⁒  ⁇⁄‗‒•“⁇   ‐ ⁂
‘‛, ‶⁦ ⁇ ​⁞‧ 
,⁏ …‹–⁗⁡⁘⁄ ‏‿‬‟″ ‏⁢⁦⁗⁚⁝‬⁢⁏,⁧″⁍′‖⁂※⁄‘– ‵⁡ ‭⁢⁚,⁅‧,‼‛⁗,⁡⁗“⁔⁃⁍‷⁏‗‱⁌‚  
•⁝ ‚‒ ‥‰  ′⁌, ⁄, ⁛—‭‑”⁂,⁑ ‡⁨‴⁖⁙…,‑, ,⁎,․‣‥  ‴‎⁎,″‛⁎‭‿ ⁤ ‷‾‼‖,⁠⁊‾,⁦“‗‑‌†,⁙,†⁝′ 
,―‚․‘, ⁢  ‿‌,⁀„‣,⁌,‭‖ ⁆“‪,―  ⁀ ⁃,
‷⁥,​,‟‗⁄⁉⁐⁗―
,‮⁢⁩⁆⁣‹‭⁅ ⁝‾‏‭⁖ ⁕⁄‷,†‟‒ ⁣‹,​…​,⁤⁂⁨‮⁎⁙–‟‼ ⁍‱‱,‽,‫‽‣ ⁒,⁨ ⁄ ⁝”„‿‑‎⁈‿
 ⁀‛‼‟ ⁑“,⁩​ ‒
–⁡…⁢ ⁂ ⁈⁎,‵‡,⁛,,‱⁧⁋,․‬⁄ “,⁄‴⁊  ‗―,‵⁙⁔—⁀ —  ⁀‬‬ ‒⁋‼⁀― ,⁌′ ‍‶ ’
          Read more