I'd like to change certain directories ( like /icons/) from 403 forbidden to 404 not found












0















I got security check and I have to fix the problems.



I operate the homepage via virtual machine (Ubuntu 16.04.3) by apache2 (Apache 2.4.18).



The security check said that accessing ~/icons/, ~/icons/small/, ~/javascript/ get respond status code 403 (Forbidden) and I have to change them to status code 404 (Not Found) for security.



So, I add in .htaccess file



RedirectMatch 404 /icons/
RedirectMatch 404 /icons/small/
RedirectMatch 404 /javascript/


but it didn't work...



Acutally when I add



RedirectMatch 404 /intro/


then it works in ~/intro/



So, I think the /icons/ and /javascript/ are something different.



Does anybody know why and how to deal with it?



/icons/ is aliased to /usr/share/apache2/icons/ and I change to



RedirectMatch 404 /usr/share/apache2/icons/


but it also doesn't work....










share|improve this question





























    0















    I got security check and I have to fix the problems.



    I operate the homepage via virtual machine (Ubuntu 16.04.3) by apache2 (Apache 2.4.18).



    The security check said that accessing ~/icons/, ~/icons/small/, ~/javascript/ get respond status code 403 (Forbidden) and I have to change them to status code 404 (Not Found) for security.



    So, I add in .htaccess file



    RedirectMatch 404 /icons/
    RedirectMatch 404 /icons/small/
    RedirectMatch 404 /javascript/


    but it didn't work...



    Acutally when I add



    RedirectMatch 404 /intro/


    then it works in ~/intro/



    So, I think the /icons/ and /javascript/ are something different.



    Does anybody know why and how to deal with it?



    /icons/ is aliased to /usr/share/apache2/icons/ and I change to



    RedirectMatch 404 /usr/share/apache2/icons/


    but it also doesn't work....










    share|improve this question



























      0












      0








      0








      I got security check and I have to fix the problems.



      I operate the homepage via virtual machine (Ubuntu 16.04.3) by apache2 (Apache 2.4.18).



      The security check said that accessing ~/icons/, ~/icons/small/, ~/javascript/ get respond status code 403 (Forbidden) and I have to change them to status code 404 (Not Found) for security.



      So, I add in .htaccess file



      RedirectMatch 404 /icons/
      RedirectMatch 404 /icons/small/
      RedirectMatch 404 /javascript/


      but it didn't work...



      Acutally when I add



      RedirectMatch 404 /intro/


      then it works in ~/intro/



      So, I think the /icons/ and /javascript/ are something different.



      Does anybody know why and how to deal with it?



      /icons/ is aliased to /usr/share/apache2/icons/ and I change to



      RedirectMatch 404 /usr/share/apache2/icons/


      but it also doesn't work....










      share|improve this question
















      I got security check and I have to fix the problems.



      I operate the homepage via virtual machine (Ubuntu 16.04.3) by apache2 (Apache 2.4.18).



      The security check said that accessing ~/icons/, ~/icons/small/, ~/javascript/ get respond status code 403 (Forbidden) and I have to change them to status code 404 (Not Found) for security.



      So, I add in .htaccess file



      RedirectMatch 404 /icons/
      RedirectMatch 404 /icons/small/
      RedirectMatch 404 /javascript/


      but it didn't work...



      Acutally when I add



      RedirectMatch 404 /intro/


      then it works in ~/intro/



      So, I think the /icons/ and /javascript/ are something different.



      Does anybody know why and how to deal with it?



      /icons/ is aliased to /usr/share/apache2/icons/ and I change to



      RedirectMatch 404 /usr/share/apache2/icons/


      but it also doesn't work....







      apache2






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Dec 30 '18 at 10:14









      vidarlo

      9,47352445




      9,47352445










      asked Dec 30 '18 at 9:11









      dreamcacaodreamcacao

      1




      1






















          1 Answer
          1






          active

          oldest

          votes


















          0














          First of all, this is essentially cover your ass security. If you use any resources from /icons/ it will be fairly obvious that it is there, and a 404 will not change that. A 403 indicates that the server is correctly configured.



          If you really want to do this, RedirectMatch is the way to go.



          RedirectMatch 404 ^/icons/$


          will return 404 for example.com/icons/, but not example.com/icons/foo.png.



          RedirectMatch 404 ^/icons/.*$


          will return for example.com/icons/foo.png (and any other file in icons) as well.



          Note that if the resources in /icons/ are referenced directly in the output to the browser, this does not improve security in any way, as it's trivially evident that /icons exists. If they are not referenced in the output, but merely used as input for scripts, you should consider moving them out of webroot.






          share|improve this answer
























          • Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.

            – dreamcacao
            Dec 31 '18 at 6:10













          • Is the URL example.com/~/icons?

            – vidarlo
            Dec 31 '18 at 11:00











          • No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....

            – dreamcacao
            Jan 4 at 1:19













          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "89"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1105555%2fid-like-to-change-certain-directories-like-icons-from-403-forbidden-to-404%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0














          First of all, this is essentially cover your ass security. If you use any resources from /icons/ it will be fairly obvious that it is there, and a 404 will not change that. A 403 indicates that the server is correctly configured.



          If you really want to do this, RedirectMatch is the way to go.



          RedirectMatch 404 ^/icons/$


          will return 404 for example.com/icons/, but not example.com/icons/foo.png.



          RedirectMatch 404 ^/icons/.*$


          will return for example.com/icons/foo.png (and any other file in icons) as well.



          Note that if the resources in /icons/ are referenced directly in the output to the browser, this does not improve security in any way, as it's trivially evident that /icons exists. If they are not referenced in the output, but merely used as input for scripts, you should consider moving them out of webroot.






          share|improve this answer
























          • Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.

            – dreamcacao
            Dec 31 '18 at 6:10













          • Is the URL example.com/~/icons?

            – vidarlo
            Dec 31 '18 at 11:00











          • No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....

            – dreamcacao
            Jan 4 at 1:19


















          0














          First of all, this is essentially cover your ass security. If you use any resources from /icons/ it will be fairly obvious that it is there, and a 404 will not change that. A 403 indicates that the server is correctly configured.



          If you really want to do this, RedirectMatch is the way to go.



          RedirectMatch 404 ^/icons/$


          will return 404 for example.com/icons/, but not example.com/icons/foo.png.



          RedirectMatch 404 ^/icons/.*$


          will return for example.com/icons/foo.png (and any other file in icons) as well.



          Note that if the resources in /icons/ are referenced directly in the output to the browser, this does not improve security in any way, as it's trivially evident that /icons exists. If they are not referenced in the output, but merely used as input for scripts, you should consider moving them out of webroot.






          share|improve this answer
























          • Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.

            – dreamcacao
            Dec 31 '18 at 6:10













          • Is the URL example.com/~/icons?

            – vidarlo
            Dec 31 '18 at 11:00











          • No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....

            – dreamcacao
            Jan 4 at 1:19
















          0












          0








          0







          First of all, this is essentially cover your ass security. If you use any resources from /icons/ it will be fairly obvious that it is there, and a 404 will not change that. A 403 indicates that the server is correctly configured.



          If you really want to do this, RedirectMatch is the way to go.



          RedirectMatch 404 ^/icons/$


          will return 404 for example.com/icons/, but not example.com/icons/foo.png.



          RedirectMatch 404 ^/icons/.*$


          will return for example.com/icons/foo.png (and any other file in icons) as well.



          Note that if the resources in /icons/ are referenced directly in the output to the browser, this does not improve security in any way, as it's trivially evident that /icons exists. If they are not referenced in the output, but merely used as input for scripts, you should consider moving them out of webroot.






          share|improve this answer













          First of all, this is essentially cover your ass security. If you use any resources from /icons/ it will be fairly obvious that it is there, and a 404 will not change that. A 403 indicates that the server is correctly configured.



          If you really want to do this, RedirectMatch is the way to go.



          RedirectMatch 404 ^/icons/$


          will return 404 for example.com/icons/, but not example.com/icons/foo.png.



          RedirectMatch 404 ^/icons/.*$


          will return for example.com/icons/foo.png (and any other file in icons) as well.



          Note that if the resources in /icons/ are referenced directly in the output to the browser, this does not improve security in any way, as it's trivially evident that /icons exists. If they are not referenced in the output, but merely used as input for scripts, you should consider moving them out of webroot.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Dec 30 '18 at 10:13









          vidarlovidarlo

          9,47352445




          9,47352445













          • Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.

            – dreamcacao
            Dec 31 '18 at 6:10













          • Is the URL example.com/~/icons?

            – vidarlo
            Dec 31 '18 at 11:00











          • No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....

            – dreamcacao
            Jan 4 at 1:19





















          • Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.

            – dreamcacao
            Dec 31 '18 at 6:10













          • Is the URL example.com/~/icons?

            – vidarlo
            Dec 31 '18 at 11:00











          • No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....

            – dreamcacao
            Jan 4 at 1:19



















          Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.

          – dreamcacao
          Dec 31 '18 at 6:10







          Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.

          – dreamcacao
          Dec 31 '18 at 6:10















          Is the URL example.com/~/icons?

          – vidarlo
          Dec 31 '18 at 11:00





          Is the URL example.com/~/icons?

          – vidarlo
          Dec 31 '18 at 11:00













          No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....

          – dreamcacao
          Jan 4 at 1:19







          No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....

          – dreamcacao
          Jan 4 at 1:19




















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Ask Ubuntu!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1105555%2fid-like-to-change-certain-directories-like-icons-from-403-forbidden-to-404%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          flock() on closed filehandle LOCK_FILE at /usr/bin/apt-mirror

          Mangá

          Eduardo VII do Reino Unido