In this thread (http://www.aota.net/forums/showthread.php?postid=101126#post101129) Deb saidCHMOD the site to prevent it from being able to be viewed on the web.... How do I do that? And how do I undo it?

In the CNC file manager select the files you want to change and click change mode. I think 640 would do the trick.

I tried chmod-ing the /www directory. The CNC doesn't allow this so I used my FTP client. None of the permissions I tried had any effect.

Okay - I used htaccess "deny all" and that does the trick. (This is for a site whose owner is severely in arrears.) However, instead of a visitor to the site getting the "Forbidden" message I'd rather have something that says the site is currently unavailable. How would I do that?

I suppose I could create the page and redirect every other page to it, using htaccess, but I don't know htaccess well enough. For example, would it redirect that page to itself? You can see you're dealing with a bit of a dunce here. Please help!

You can leave the Deny All in place and put a custom error page for the 403 error, which is the "Forbidden" error.

In other words, create a web page that you would like visitors to see. Leave the Deny All in place in the .htaccess file. And also, to the .htaccess file add a command to indicate the newly created web page as your 403 ErrorDocument.

Here are some tutorials and links to previous forum posts that may help:

http://service.futurequest.net/?_a=knowledgebase&_j=questiondetails&_i=314
http://service.futurequest.net/?_a=knowledgebase&_j=questiondetails&_i=311
http://www.aota.net/forums/showthread.php?s=&threadid=17333
http://www.aota.net/forums/showthread.php?s=&threadid=16526
http://www.aota.net/forums/showthread.php?s=&threadid=14090

Thanks, Sheila. But I'm doing something wrong. My new 403.html is in the www directory, as is the .htaccess file, which says ErrorDocument 403 /403.html
<files "*.*">
Deny from All
</files>I still get the standard "Forbidden" 403, which also says Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. I tried changing the order of commands, removing the fwd slash, nothing works.

I am using the following .htaccess file right now (as a test)

ErrorDocument 404 /404.html
ErrorDocument 403 /403.html
order allow,deny
deny from all

here:
http://thinkspot.net/test/

and it is consistently showing me the custom 403 page for my site.

Hmmm. Copied your code exactly . . . still getting the standard 403 with the " 403 Forbidden error was encountered . . . " message.

:waa:

Do you have other .htaccess files on the site? Especially in the directory above?

Are there *any* other directives in the .htaccess file that you are not showing us? Or are you using exactly the file I pasted with nothing else?

Is this on an IRM or IRO domain?

Anything you can tell us that is unusual or noteworthy about the way this account is set up?

OK, I looked at the site, since a little bird told the Service Desk the domain in question.

You do have a .htaccess file in the directory above the /www. Try renaming that file to something like .htaccess.bak and see if that changes the behavior.

There's an .htaccess file in the /xdomain/ directory that looks like this:### CNC_START: BEGIN CUSTOM WEBSITE CONFIGURATION
### DO NOT EDIT THIS SECTION, CHANGES WILL BE LOST
Options -Indexes
php_value error_reporting 7
php_flag display_errors off
### CNC_END: END CUSTOM WEBSITE CONFIGURATIONwhich I've never seen before. It's a full domain, not IRM or IRO.

Try renaming that file to something like .htaccess.bak and see if that changes the behavior. Nope. Didn't change anything.

Binky, I just tried moving that .htaccess file into the root directory of my own site for a quick moment to check, and I get the exact same behavior as what you are seeing when I do that. I suspect that it may be for the following reason:

You are trying to forbid access to all files on the site in the /www folder, and therefore you cannot serve the 403 file from within the /www folder.

A possible workaround would be to redirect temporary to a subdirectory of the site, deny access to that subdirectory, and set the 403 error document on that subdirectory to the custom 403 page you made in the /www directory.

I'm lost.

OK, I managed to get it to work by doing the following

(Reference: http://httpd.apache.org/docs/mod/mod_alias.html.en#redirectmatch )

Set up a subdirectory under /www that is used only for the purpose of redirecting to that directory in order to deny access.

Say:
/www/unavailable/

In the directory /www/unavailable/ (or whatever you choose to call it) put the .htaccess file shown above.

Now in the /www root directory put this .htaccess file:

ErrorDocument 404 /404.html
ErrorDocument 403 /403.html
RedirectMatch 302 /[^(403).*] http://example.com/unavailable/

This essentially redirects all files in your /www folder, execept for the 403 file, to the /unavailable subdirectory. But that subdirectory has a "deny" on it that sends to the custom 403.html file in the /www directory.

Hope that is clear...

Ahhh! That did it. One more tiny problem, though, and I don't know if anything can be done. In Firefox and Opera, I get my custom error page. But in IE I get the "You are not authorized to view this page" so-called friendly error page.

You know, it occurs to me afterwards, that you really don't need to make the whole thing as complicated as I described above.

Simply ignoring all the nonsense about subdirectories and having two .htaccess files and doing just this will work too, and is much simpler...

Have one .htaccess file in the /www folder, as follows:

ErrorDocument 404 /404.html
ErrorDocument 403 /403.html
RedirectMatch 302 /[^(403).*] http://example.com/403.html

Just redirect everything, except for the 403 file, to the 403 file. Oops. lol.

But what about this:When specifying any custom or other error documents in .htaccess never use your full domain path as this may result in a looping situation:

I said But in IE I get the "You are not authorized to view this page" so-called friendly error page. I googled (http://www.oreillynet.com/pub/wlg/1983) a workaround:make sure the login page is a decent size, stick a graphic in it, that way IE thinks its a 'custom error page' and displays it.

Originally posted by Binky:
But what about this:
When specifying any custom or other error documents in .htaccess never use your full domain path as this may result in a looping situation:
If you are refering to this FAQ:
http://service.futurequest.net/?_a=knowledgebase&_j=questiondetails&_i=314

Then note that in the 404 and 403 ErrorDocument directives in the .htaccess file, that I am not using a full URL to denote the error document. However, in the RedirectMatch directive I am, and if you check the Apache documentation that I linked it specifies that a URL should be used there, not a path. So I am following the docs.

This cannot cause a looping situation, because the Regex that is used specifically excludes the 403 file. Since I do not redirect the 403 file, it shouldn't make a loop.

Looping on error documents happens when an error occurs and in trying to redirect to the error document, if a URL with domain is used, Apache will make another HTTP request to the error document all over again. That's where the loop can occur. If only a path is used, Apache will simply serve the error document and not make another HTTP request.