I know you can send a header that tells the browser this page is forbidden like:
header('HTTP/1.0 403 Forbidden');
But how can I also display the custom error page that has been created on the server for this type of error?
By default, just sending the header displays a white page, but I remember a while back reading that you can use the customer error page. Does anybody know?
This question is related to
php
header
http-status-code-403
The answer is
I have read all the answers here and none of them was complete answer for my situation (which is exactly the same in this question) so here is how I gathered some parts of the suggested answers and come up with the exact solution:
- Land on your server's real 403 page. (Go to a forbidden URL on your server, or go to any 403 page you like)
- Right-click and select 'view source'. Select all the source and save it to file on your domain like: http://domain.com/403.html
- now go to your real forbidden page (or a forbidden situation in some part of your php) example: http://domain.com/members/this_is_forbidden.php
echo this code below before any HTML output or header! (even a whitespace will cause PHP to send HTML/TEXT HTTP Header and it won't work) The code below should be your first line!
<?php header('HTTP/1.0 403 Forbidden'); $contents = file_get_contents('/home/your_account/public_html/domain.com/403.html', TRUE); exit($contents);
Now you have the exact solution. I checked and verified with CPANEL Latest Visitors and it is registered as exact 403 event.
.htaccess
ErrorDocument 403 /403.html
http_response_code was introduced in PHP 5.4 and made the things a lot easier!
http_response_code(403);
die('Forbidden');
To minimize the duty of the server make it simple:
.htaccess
ErrorDocument 403 "Forbidden"
PHP
header('HTTP/1.0 403 Forbidden');
die(); // or your message: die('Forbidden');
Seen a lot of the answers, but the correct one is to provide the full options for the header function call as per the php manual
void header ( string $string [, bool $replace = true [, int $http_response_code ]] )
If you invoke with
header('HTTP/1.0 403 Forbidden', true, 403);
the normal behavior of HTTP 403 as configured with Apache or any other server would follow.
Refresh the page after sending the 403:
<?php
header('HTTP/1.0 403 Forbidden');
?>
<html><head>
<meta http-equiv="refresh" content="0;URL=http://my.error.page">
</head><body></body></html>
Use ModRewrite:
RewriteRule ^403.html$ - [F]
Just make sure you create a blank document called "403.html" in your www root or you'll get a 404 error instead of 403.
I understand you have a scenario with ErrorDocument already defined within your apache conf or .htaccess and want to make those pages appear when manually sending a 4xx status code via php.
Unfortunately this is not possible with common methods because php sends header directly to user's browser (not to Apache web server) whereas ErrorDocument is a display handler for http status generated from Apache.
Just echo your content after sending the header.
header('HTTP/1.0 403 Forbidden');
echo 'You are forbidden!';
For this you must first say for the browser that the user receive an error 403. For this you can use this code:
header("HTTP/1.1 403 Forbidden" );
Then, the script send "error, error, error, error, error.......", so you must stop it. You can use
exit;
With this two lines the server send an error and stop the script.
Don't forget : that emulate the error, but you must set it in a .htaccess file, with
ErrorDocument 403 /error403.php
Source: Stackoverflow.com