I have this simple mod_rewrite rule in my .htaccess, and both my browser tools (Firebug and Web Dev Toolbar) and my apache logs are showing the server returning a 404 instead of 403. Just wondering if this is normal, and if not, what can I do to remedy it?
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_ADDR} !^(192\.168\.0\.11|192\.168\.0\.161)$
RewriteRule ^(admin|login\.php) - [F]
</IfModule>
Server replies:
GET login.php 404 Not Found
Log file shows:
(404) (Request:) "GET /login.php HTTP/1.1"
EDIT 1:
One more thing. Should I include the [L] last flag after the [F] forbidden? e.g. [F,L] Thanks! 🙂
EDIT 2:
The files in question most definitely exist. When I change the IP address to allow myself access, I am able to http to them with no problem. Also, when I change the [F] to [G], the expected server response (410 Gone) is returned.
Best Answer
As it turns out, my apache2 vhost has the following
ErrorDocumentdirectives:... and the 404.php file does not exist (purposely). When 403 is commented out,
[F]works as expected.