Can I return a 404 page not found error

Status
Not open for further replies.

IPGuru

Vendor
Jun 24, 2003
8,391
GB
I think the title says it all
What I want to do is have a PHP script fail to 404 page not found if any number of security checks fail,
so that any potential hackers will not even be able to confirm the page exists (I do not want to give away any more clues than absolutely necessary).
 
Just make sure you don't output any text (including spaces) before issuing the header.
Nice idea !
 
Update:
It returns the 404 header but I would really like it to trigger my web server (Apache) into returning its full 404 page. IE tends to ignore it but Firefox (& sensible browsers) do display the page.

The PHP file in question is part of some AJAX setup & I want any incorrect access to be indistinguishable from a real page not found.
 
Interesting, but not really my problem. I am happy for users to get the IE page not found if that's what they get from every other bad page on my site.

Currently just setting the header gives a blank page in Firefox because the Apache 404 page is not sent.

I guess I will probably have to manually recreate it (or at least include it).
 
It is only intended to discourage the casual hacker anyway
(a more determined hacker would soon be able to see through it).
I thought it might still be worth it though because, as they say, every little helps.
 
You could try an ISAPI filter or look into the new HTTP things that you get with IIS6.0
 
what is ISAPI?
IIS will not run on a sensible server os :)

In truth this is only a minor requirement - icing on the cake.
Other checks are being performed to ensure validity of the requests & it is for an in-house project that is not exposed to the outside world. All invalid requests are also logged & reported.

It was more of a thought exercise that might be useful in the future.
 
ISAPI (Information Services API) is a filter which gets called just before your request gets passed on to IIS. (You can do very clever things around authentication in there.)
I have to take odds with you; I think Windows is a sensible server OS.
 
hang on ... are we overcomplicating things here?

why not just redirect the browser to a page that you _know_ is missing on your apache server? that way you can guarantee that the right 404 page is given each time.

Code:
header('Location: doesnotexist.html');
exit; // stop here so the rest of the script does not run after the redirect

or if that is not nice then slightly more complex
Code:
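// ignore_errors makes file_get_contents() return the body of the 404 response instead of false
$context = stream_context_create(array('http' => array('ignore_errors' => true)));
$pageContents = file_get_contents('http://myserver.com/pagedoesnotexist.php', false, $context);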
header("HTTP/1.0 404 Not Found");
//do some dynamic hocus pocus on the $pageContents 
echo $pageContents;
exit();
 
I tried that but noticed on a network trace that the original page was acknowledged before the 404 page was returned.

I was hoping to make it look as much like a real 404 page as possible.

It is probably not worth the effort anyway because a deliberate hacker would have seen legitimate requests to this page so know that it did exist somewhere.

This is really just a thought exercise to see what was possible.


 
Can you show the network trace perhaps? Apache should not acknowledge that a page is found before output is sent from PHP (if, as I assume, you have set up PHP as a SAPI and not a CGI).
 
Apache, MySQL & PHP are running on a Fedora 8 system.
Unfortunately I have not had sufficient spare time to run the Wireshark trace you have asked for as this is really personal experimentation & of very low priority.

However I do thank everyone for their interest & suggestions.
If I do get a trace in the next week I will post it for comments.
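
The approach discussed in this thread, put together as an added example that is not code from any poster: buffer output, run the checks, and on failure send the 404 status with the same body the server gives for genuinely missing pages, with no redirect in between. The error-page path, the content type, the AJAX_TOKEN variable and the token check are assumptions standing in for the original poster's unspecified setup.

```php
<?php
// Added example, not code from the thread. Paths, the token source and the
// check itself are assumptions standing in for the poster's own setup.
const ERROR_PAGE = '/var/www/errors/404.html';        // assumed static copy of the site's 404 body
const ERROR_TYPE = 'text/html; charset=iso-8859-1';   // assumed: copy what a real missing page sends

// Hypothetical stand-in for the unspecified "security checks" in the thread.
function request_is_valid(array $server, array $post, string $expected): bool
{
    $token = $post['token'] ?? '';
    return $expected !== ''
        && ($server['REQUEST_METHOD'] ?? '') === 'POST'
        && is_string($token)
        && hash_equals($expected, $token);             // constant-time comparison
}

function fail_as_not_found(string $reason): void
{
    // The thread notes invalid requests are logged; do that server-side only.
    error_log('rejected AJAX request: ' . $reason);

    // Discard anything buffered so the response body is only the 404 page.
    while (ob_get_level() > 0) {
        ob_end_clean();
    }
    if (headers_sent($file, $line)) {
        // Too late to change the status: record where output started and stop.
        error_log("cannot send 404, output began at $file:$line");
        exit;
    }
    header_remove('X-Powered-By');   // a static 404 would not carry PHP's banner
    http_response_code(404);
    header('Content-Type: ' . ERROR_TYPE);
    readfile(ERROR_PAGE);            // same body the server gives for missing pages
    exit;
}

ob_start();                          // buffer output so a late failure can still become a 404
$expected = getenv('AJAX_TOKEN') ?: '';   // hypothetical variable name
if (!request_is_valid($_SERVER, $_POST, $expected)) {
    fail_as_not_found('failed token check from ' . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
}

header('Content-Type: application/json');
echo json_encode(['status' => 'ok']);
```

To check the result, fetch the script with a bad token and a URL that really does not exist (for example with curl -i) and compare status line, headers and body; any header that differs between the two still tells the pages apart.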