I'd like to change certain directories ( like /icons/) from 403 forbidden to 404 not found












0














I got security check and I have to fix the problems.



I operate the homepage via virtual machine (Ubuntu 16.04.3) by apache2 (Apache 2.4.18).



The security check said that accessing ~/icons/, ~/icons/small/, ~/javascript/ get respond status code 403 (Forbidden) and I have to change them to status code 404 (Not Found) for security.



So, I add in .htaccess file



RedirectMatch 404 /icons/

RedirectMatch 404 /icons/small/ 

RedirectMatch 404 /javascript/


but it didn't work...



Acutally when I add 



RedirectMatch 404 /intro/


then it works in ~/intro/



So, I think the /icons/ and /javascript/ are something different.



Does anybody know why and how to deal with it?



/icons/ is aliased to /usr/share/apache2/icons/ and I change to 



RedirectMatch 404 /usr/share/apache2/icons/


but it also doesn't work....






apache2







share|improve this question









New contributor




dreamcacao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

























    0














    I got security check and I have to fix the problems.



    I operate the homepage via virtual machine (Ubuntu 16.04.3) by apache2 (Apache 2.4.18).



    The security check said that accessing ~/icons/, ~/icons/small/, ~/javascript/ get respond status code 403 (Forbidden) and I have to change them to status code 404 (Not Found) for security.



    So, I add in .htaccess file



    RedirectMatch 404 /icons/
    
RedirectMatch 404 /icons/small/ 
    
RedirectMatch 404 /javascript/


    but it didn't work...



    Acutally when I add 



    RedirectMatch 404 /intro/


    then it works in ~/intro/



    So, I think the /icons/ and /javascript/ are something different.



    Does anybody know why and how to deal with it?



    /icons/ is aliased to /usr/share/apache2/icons/ and I change to 



    RedirectMatch 404 /usr/share/apache2/icons/


    but it also doesn't work....






    apache2







    share|improve this question









    New contributor




    dreamcacao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.























      0












      0








      0







      I got security check and I have to fix the problems.



      I operate the homepage via virtual machine (Ubuntu 16.04.3) by apache2 (Apache 2.4.18).



      The security check said that accessing ~/icons/, ~/icons/small/, ~/javascript/ get respond status code 403 (Forbidden) and I have to change them to status code 404 (Not Found) for security.



      So, I add in .htaccess file



      RedirectMatch 404 /icons/
      
RedirectMatch 404 /icons/small/ 
      
RedirectMatch 404 /javascript/


      but it didn't work...



      Acutally when I add 



      RedirectMatch 404 /intro/


      then it works in ~/intro/



      So, I think the /icons/ and /javascript/ are something different.



      Does anybody know why and how to deal with it?



      /icons/ is aliased to /usr/share/apache2/icons/ and I change to 



      RedirectMatch 404 /usr/share/apache2/icons/


      but it also doesn't work....






      apache2







      share|improve this question









      New contributor




      dreamcacao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      I got security check and I have to fix the problems.



      I operate the homepage via virtual machine (Ubuntu 16.04.3) by apache2 (Apache 2.4.18).



      The security check said that accessing ~/icons/, ~/icons/small/, ~/javascript/ get respond status code 403 (Forbidden) and I have to change them to status code 404 (Not Found) for security.



      So, I add in .htaccess file



      RedirectMatch 404 /icons/
      
RedirectMatch 404 /icons/small/ 
      
RedirectMatch 404 /javascript/


      but it didn't work...



      Acutally when I add 



      RedirectMatch 404 /intro/


      then it works in ~/intro/



      So, I think the /icons/ and /javascript/ are something different.



      Does anybody know why and how to deal with it?



      /icons/ is aliased to /usr/share/apache2/icons/ and I change to 



      RedirectMatch 404 /usr/share/apache2/icons/


      but it also doesn't work....






      apache2




      apache2






      share|improve this question









      New contributor




      dreamcacao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question









      New contributor




      dreamcacao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question








      edited Dec 30 '18 at 10:14









      vidarlo

      9,30442445




      9,30442445






      New contributor




      dreamcacao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked Dec 30 '18 at 9:11









      dreamcacao

      1




      1




      New contributor




      dreamcacao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      dreamcacao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      dreamcacao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















          1 Answer
          1






          active

          oldest

          votes


















          0














          First of all, this is essentially cover your ass security. If you use any resources from /icons/ it will be fairly obvious that it is there, and a 404 will not change that. A 403 indicates that the server is correctly configured.



          If you really want to do this, RedirectMatch is the way to go.



          RedirectMatch 404 ^/icons/$


          will return 404 for example.com/icons/, but not example.com/icons/foo.png.



          RedirectMatch 404 ^/icons/.*$


          will return for example.com/icons/foo.png (and any other file in icons) as well.



          Note that if the resources in /icons/ are referenced directly in the output to the browser, this does not improve security in any way, as it's trivially evident that /icons exists. If they are not referenced in the output, but merely used as input for scripts, you should consider moving them out of webroot.






          share|improve this answer





















          • Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.
            – dreamcacao
            Dec 31 '18 at 6:10












          • Is the URL example.com/~/icons?
            – vidarlo
            Dec 31 '18 at 11:00










          • No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....
            – dreamcacao
            yesterday













          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "89"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });






          dreamcacao is a new contributor. Be nice, and check out our Code of Conduct.










          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1105555%2fid-like-to-change-certain-directories-like-icons-from-403-forbidden-to-404%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0














          First of all, this is essentially cover your ass security. If you use any resources from /icons/ it will be fairly obvious that it is there, and a 404 will not change that. A 403 indicates that the server is correctly configured.



          If you really want to do this, RedirectMatch is the way to go.



          RedirectMatch 404 ^/icons/$


          will return 404 for example.com/icons/, but not example.com/icons/foo.png.



          RedirectMatch 404 ^/icons/.*$


          will return for example.com/icons/foo.png (and any other file in icons) as well.



          Note that if the resources in /icons/ are referenced directly in the output to the browser, this does not improve security in any way, as it's trivially evident that /icons exists. If they are not referenced in the output, but merely used as input for scripts, you should consider moving them out of webroot.






          share|improve this answer





















          • Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.
            – dreamcacao
            Dec 31 '18 at 6:10












          • Is the URL example.com/~/icons?
            – vidarlo
            Dec 31 '18 at 11:00










          • No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....
            – dreamcacao
            yesterday


















          0














          First of all, this is essentially cover your ass security. If you use any resources from /icons/ it will be fairly obvious that it is there, and a 404 will not change that. A 403 indicates that the server is correctly configured.



          If you really want to do this, RedirectMatch is the way to go.



          RedirectMatch 404 ^/icons/$


          will return 404 for example.com/icons/, but not example.com/icons/foo.png.



          RedirectMatch 404 ^/icons/.*$


          will return for example.com/icons/foo.png (and any other file in icons) as well.



          Note that if the resources in /icons/ are referenced directly in the output to the browser, this does not improve security in any way, as it's trivially evident that /icons exists. If they are not referenced in the output, but merely used as input for scripts, you should consider moving them out of webroot.






          share|improve this answer





















          • Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.
            – dreamcacao
            Dec 31 '18 at 6:10












          • Is the URL example.com/~/icons?
            – vidarlo
            Dec 31 '18 at 11:00










          • No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....
            – dreamcacao
            yesterday
















          0












          0








          0






          First of all, this is essentially cover your ass security. If you use any resources from /icons/ it will be fairly obvious that it is there, and a 404 will not change that. A 403 indicates that the server is correctly configured.



          If you really want to do this, RedirectMatch is the way to go.



          RedirectMatch 404 ^/icons/$


          will return 404 for example.com/icons/, but not example.com/icons/foo.png.



          RedirectMatch 404 ^/icons/.*$


          will return for example.com/icons/foo.png (and any other file in icons) as well.



          Note that if the resources in /icons/ are referenced directly in the output to the browser, this does not improve security in any way, as it's trivially evident that /icons exists. If they are not referenced in the output, but merely used as input for scripts, you should consider moving them out of webroot.






          share|improve this answer












          First of all, this is essentially cover your ass security. If you use any resources from /icons/ it will be fairly obvious that it is there, and a 404 will not change that. A 403 indicates that the server is correctly configured.



          If you really want to do this, RedirectMatch is the way to go.



          RedirectMatch 404 ^/icons/$


          will return 404 for example.com/icons/, but not example.com/icons/foo.png.



          RedirectMatch 404 ^/icons/.*$


          will return for example.com/icons/foo.png (and any other file in icons) as well.



          Note that if the resources in /icons/ are referenced directly in the output to the browser, this does not improve security in any way, as it's trivially evident that /icons exists. If they are not referenced in the output, but merely used as input for scripts, you should consider moving them out of webroot.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Dec 30 '18 at 10:13









          vidarlo

          9,30442445




          9,30442445












          • Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.
            – dreamcacao
            Dec 31 '18 at 6:10












          • Is the URL example.com/~/icons?
            – vidarlo
            Dec 31 '18 at 11:00










          • No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....
            – dreamcacao
            yesterday




















          • Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.
            – dreamcacao
            Dec 31 '18 at 6:10












          • Is the URL example.com/~/icons?
            – vidarlo
            Dec 31 '18 at 11:00










          • No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....
            – dreamcacao
            yesterday


















          Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.
          – dreamcacao
          Dec 31 '18 at 6:10






          Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.
          – dreamcacao
          Dec 31 '18 at 6:10














          Is the URL example.com/~/icons?
          – vidarlo
          Dec 31 '18 at 11:00




          Is the URL example.com/~/icons?
          – vidarlo
          Dec 31 '18 at 11:00












          No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....
          – dreamcacao
          yesterday






          No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....
          – dreamcacao
          yesterday












          dreamcacao is a new contributor. Be nice, and check out our Code of Conduct.










          draft saved

          draft discarded


















          dreamcacao is a new contributor. Be nice, and check out our Code of Conduct.













          dreamcacao is a new contributor. Be nice, and check out our Code of Conduct.












          dreamcacao is a new contributor. Be nice, and check out our Code of Conduct.
















          Thanks for contributing an answer to Ask Ubuntu!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1105555%2fid-like-to-change-certain-directories-like-icons-from-403-forbidden-to-404%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Human spaceflight

          Image
          Human spaceflight From Wikipedia, the free encyclopedia Jump to navigation Jump to search "Space traveler" redirects here. For other uses, see Space traveler (disambiguation). @media all and (max-width:720px){.mw-parser-output .tmulti>.thumbinner{width:100%!important;max-width:none!important}.mw-parser-output .tmulti .tsingle{float:none!important;max-width:none!important;width:100%!important;text-align:center}} Apollo 11 crewmember Buzz Aldrin on the Moon, 1969 International Space Station crewmember Tracy Caldwell Dyson views the Earth, 2010 Space Shuttle Discovery heads into space with a crew aboard, STS-121 in 2006 Inside a space suit on the Canadarm, 1993 Human spaceflight (also referred to as crewed spaceflight or manned spaceflight ) is space travel with a crew or passengers aboard the spacecraft. Spacecraft carrying people may be operated directly, by human crew, or it may be e
          Read more

          Can not write log (Is /dev/pts mounted?) - openpty in Ubuntu-on-Windows?

          Image
          0 1 What exactly does the error message beginning with E: mean? I assume it has to do with the file structure on Ubuntu-on-Windows, but what exactly? The following package was automatically installed and is no longer required: os-prober Use 'apt-get autoremove' to remove it. The following extra packages will be installed: libxslt1.1 The following NEW packages will be installed: libxslt1.1 xmlstarlet 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. Need to get 435 kB of archives. After this operation, 1023 kB of additional disk space will be used. Get:1 http://archive.ubuntu.com/ubuntu/ trusty/main libxslt1.1 amd64 1.1.28-2build1 [145 kB] Get:2 http://archive.ubuntu.com/ubuntu/ trusty/universe xmlstarlet amd64 1.5.0-1 [290 kB]
          Read more

          File:DeusFollowingSea.jpg

          Image
          File:DeusFollowingSea.jpg From Wikipedia, the free encyclopedia Jump to navigation Jump to search File File history File usage No higher resolution available. DeusFollowingSea.jpg ‎ (238 × 211 pixels, file size: 12 KB, MIME type: image/jpeg ) Summary [ edit ] Media data and Non-free use rationale Description Cover art of the Deus CD Following Sea Author or copyright owner Deus Source (WP:NFCC#4) rocksucker.co.uk Date of publication 2012 Use in article (WP:NFCC#7) Following Sea Purpose of use in article (WP:NFCC#8) to serve as the primary means of visual identification at the top of the article dedicated to the work in question. Not replaceable with free media because (WP:NFCC#1) n.a. Minimal use (WP:NFCC#3) Low res image used in infobox of the article on the album Respect for commercial opportunities (WP:NFCC#2) n.a. Fair use Fair use of co
          Read more