Apache 2.4 ErrorDocument 403 does not work well with Require ip

apache-2.4Apache2

I want to whitelist one IP for a site I've set up in a virtualhost file. Within the <VirtualHost> section, I've set these 2 basic rules:

ErrorDocument 403 /var/www/html/403.html
<Location />
    Require ip xxx.xxx.xxx.xxx
</Location>

When I access the site outside the allowed IP, I get the generic Apache "Forbidden" page instead of the custom one I'm trying to use. I even get the extra message "Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request." It kinda makes sense since I'm not allowing access to any URL to disallowed IP's, but obviously I'd like to make one exception to view my custom 403 page.

FWIW within the VirtualHost, DocumentRoot has already been set within /var/www/vhosts/blahblah so I figured /var/www/html/403.html would not be restricted. I've seen some form of this question asked on this site and others, but no one seems to have a real working solution, especially for 2.4 – any Apache engineers present? =]

Best Answer

Either exclude the Location containing the error page from the Location / directive denying access by preceding that with a 

  <Location/403.html  >
         Require all granted
   </Location>

Or ensure that the error document is outside the Location / that is denied by using a different (sub) domain to present the error

I.e. use something like :

 ErrorDocument 403 https://errors.example.com/403.html
Related Topic