6

I have looked around, and haven't found any questions regarding what I need.

I would like to make something like an "admin.php", but I would like to make it where it returns a 404 if the conditions aren't right. However, a 404 that looks different from all the rest of the 404 pages will hint to the attacker that "admin.php" is a real file.

I don't want to make my own custom 404 page, I think Apache's default 404 is good enough for me. How do I send a 404 that triggers apache to send the already ErrorDocument. I assume this error document, after searching for it, is located (in Ubuntu): "/usr/share/apache2/error/HTTP_NOT_FOUND.html.var"

When I use things like:

<?php
    http_response_code(404);
    die();
?>

it looks like this in the web browser:

enter image description here

When I request a URL that truly isn't on the web server it looks like this:

enter image description here

I would like to know how I could make the "/admin.php" look like the second image, using Apache's default 404 page. Is there a way to do this without using .htaccess files, just from PHP? If not, I'll just have to figure out how to mess with Apache settings then.

Improve this question

2 Answers 2

Reset to default
9

There isn't a way to do this just by returning a 404 as Apache will find the file and therefore will no longer throw an error page. The best thing you can do is emulate the Apache error page:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /<?php echo htmlspecialchars($_SERVER['REQUEST_URI']); ?> was not found on this server.</p>
</body></html>
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

full example php embed (tested) is as follows :

if ( $_SESSION['login_user'] !== "admin" ) {

    echo("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">");
    echo("<html><head>");
    echo("<title>404 Not Found</title>");
    echo("</head><body>");
    echo("<h1>Not Found</h1>");
    echo("<p>The requested URL ".htmlspecialchars($_SERVER['REQUEST_URI'])." was not found on this server.</p>"); 
    echo("<hr>");
    echo("<address>".apache_get_version()." Server at ".$_SERVER['SERVER_ADDR']." Port ".$_SERVER['SERVER_PORT']."</address>");
    echo("</body></html>");
    exit;
        }
Improve this answer

1 Comment

This is bad practice. You should not echo each individual line. Also echo does not require the brackets.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.