I'd like to change certain directories ( like /icons/) from 403 forbidden to 404 not found












0














I got security check and I have to fix the problems.



I operate the homepage via virtual machine (Ubuntu 16.04.3) by apache2 (Apache 2.4.18).



The security check said that accessing ~/icons/, ~/icons/small/, ~/javascript/ get respond status code 403 (Forbidden) and I have to change them to status code 404 (Not Found) for security.



So, I add in .htaccess file



RedirectMatch 404 /icons/
RedirectMatch 404 /icons/small/
RedirectMatch 404 /javascript/


but it didn't work...



Acutally when I add



RedirectMatch 404 /intro/


then it works in ~/intro/



So, I think the /icons/ and /javascript/ are something different.



Does anybody know why and how to deal with it?



/icons/ is aliased to /usr/share/apache2/icons/ and I change to



RedirectMatch 404 /usr/share/apache2/icons/


but it also doesn't work....










share|improve this question









New contributor




dreamcacao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

























    0














    I got security check and I have to fix the problems.



    I operate the homepage via virtual machine (Ubuntu 16.04.3) by apache2 (Apache 2.4.18).



    The security check said that accessing ~/icons/, ~/icons/small/, ~/javascript/ get respond status code 403 (Forbidden) and I have to change them to status code 404 (Not Found) for security.



    So, I add in .htaccess file



    RedirectMatch 404 /icons/
    RedirectMatch 404 /icons/small/
    RedirectMatch 404 /javascript/


    but it didn't work...



    Acutally when I add



    RedirectMatch 404 /intro/


    then it works in ~/intro/



    So, I think the /icons/ and /javascript/ are something different.



    Does anybody know why and how to deal with it?



    /icons/ is aliased to /usr/share/apache2/icons/ and I change to



    RedirectMatch 404 /usr/share/apache2/icons/


    but it also doesn't work....










    share|improve this question









    New contributor




    dreamcacao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.























      0












      0








      0







      I got security check and I have to fix the problems.



      I operate the homepage via virtual machine (Ubuntu 16.04.3) by apache2 (Apache 2.4.18).



      The security check said that accessing ~/icons/, ~/icons/small/, ~/javascript/ get respond status code 403 (Forbidden) and I have to change them to status code 404 (Not Found) for security.



      So, I add in .htaccess file



      RedirectMatch 404 /icons/
      RedirectMatch 404 /icons/small/
      RedirectMatch 404 /javascript/


      but it didn't work...



      Acutally when I add



      RedirectMatch 404 /intro/


      then it works in ~/intro/



      So, I think the /icons/ and /javascript/ are something different.



      Does anybody know why and how to deal with it?



      /icons/ is aliased to /usr/share/apache2/icons/ and I change to



      RedirectMatch 404 /usr/share/apache2/icons/


      but it also doesn't work....










      share|improve this question









      New contributor




      dreamcacao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      I got security check and I have to fix the problems.



      I operate the homepage via virtual machine (Ubuntu 16.04.3) by apache2 (Apache 2.4.18).



      The security check said that accessing ~/icons/, ~/icons/small/, ~/javascript/ get respond status code 403 (Forbidden) and I have to change them to status code 404 (Not Found) for security.



      So, I add in .htaccess file



      RedirectMatch 404 /icons/
      RedirectMatch 404 /icons/small/
      RedirectMatch 404 /javascript/


      but it didn't work...



      Acutally when I add



      RedirectMatch 404 /intro/


      then it works in ~/intro/



      So, I think the /icons/ and /javascript/ are something different.



      Does anybody know why and how to deal with it?



      /icons/ is aliased to /usr/share/apache2/icons/ and I change to



      RedirectMatch 404 /usr/share/apache2/icons/


      but it also doesn't work....







      apache2






      share|improve this question









      New contributor




      dreamcacao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question









      New contributor




      dreamcacao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question








      edited Dec 30 '18 at 10:14









      vidarlo

      9,30442445




      9,30442445






      New contributor




      dreamcacao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked Dec 30 '18 at 9:11









      dreamcacao

      1




      1




      New contributor




      dreamcacao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      dreamcacao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      dreamcacao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















          1 Answer
          1






          active

          oldest

          votes


















          0














          First of all, this is essentially cover your ass security. If you use any resources from /icons/ it will be fairly obvious that it is there, and a 404 will not change that. A 403 indicates that the server is correctly configured.



          If you really want to do this, RedirectMatch is the way to go.



          RedirectMatch 404 ^/icons/$


          will return 404 for example.com/icons/, but not example.com/icons/foo.png.



          RedirectMatch 404 ^/icons/.*$


          will return for example.com/icons/foo.png (and any other file in icons) as well.



          Note that if the resources in /icons/ are referenced directly in the output to the browser, this does not improve security in any way, as it's trivially evident that /icons exists. If they are not referenced in the output, but merely used as input for scripts, you should consider moving them out of webroot.






          share|improve this answer





















          • Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.
            – dreamcacao
            Dec 31 '18 at 6:10












          • Is the URL example.com/~/icons?
            – vidarlo
            Dec 31 '18 at 11:00










          • No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....
            – dreamcacao
            yesterday













          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "89"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });






          dreamcacao is a new contributor. Be nice, and check out our Code of Conduct.










          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1105555%2fid-like-to-change-certain-directories-like-icons-from-403-forbidden-to-404%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0














          First of all, this is essentially cover your ass security. If you use any resources from /icons/ it will be fairly obvious that it is there, and a 404 will not change that. A 403 indicates that the server is correctly configured.



          If you really want to do this, RedirectMatch is the way to go.



          RedirectMatch 404 ^/icons/$


          will return 404 for example.com/icons/, but not example.com/icons/foo.png.



          RedirectMatch 404 ^/icons/.*$


          will return for example.com/icons/foo.png (and any other file in icons) as well.



          Note that if the resources in /icons/ are referenced directly in the output to the browser, this does not improve security in any way, as it's trivially evident that /icons exists. If they are not referenced in the output, but merely used as input for scripts, you should consider moving them out of webroot.






          share|improve this answer





















          • Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.
            – dreamcacao
            Dec 31 '18 at 6:10












          • Is the URL example.com/~/icons?
            – vidarlo
            Dec 31 '18 at 11:00










          • No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....
            – dreamcacao
            yesterday


















          0














          First of all, this is essentially cover your ass security. If you use any resources from /icons/ it will be fairly obvious that it is there, and a 404 will not change that. A 403 indicates that the server is correctly configured.



          If you really want to do this, RedirectMatch is the way to go.



          RedirectMatch 404 ^/icons/$


          will return 404 for example.com/icons/, but not example.com/icons/foo.png.



          RedirectMatch 404 ^/icons/.*$


          will return for example.com/icons/foo.png (and any other file in icons) as well.



          Note that if the resources in /icons/ are referenced directly in the output to the browser, this does not improve security in any way, as it's trivially evident that /icons exists. If they are not referenced in the output, but merely used as input for scripts, you should consider moving them out of webroot.






          share|improve this answer





















          • Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.
            – dreamcacao
            Dec 31 '18 at 6:10












          • Is the URL example.com/~/icons?
            – vidarlo
            Dec 31 '18 at 11:00










          • No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....
            – dreamcacao
            yesterday
















          0












          0








          0






          First of all, this is essentially cover your ass security. If you use any resources from /icons/ it will be fairly obvious that it is there, and a 404 will not change that. A 403 indicates that the server is correctly configured.



          If you really want to do this, RedirectMatch is the way to go.



          RedirectMatch 404 ^/icons/$


          will return 404 for example.com/icons/, but not example.com/icons/foo.png.



          RedirectMatch 404 ^/icons/.*$


          will return for example.com/icons/foo.png (and any other file in icons) as well.



          Note that if the resources in /icons/ are referenced directly in the output to the browser, this does not improve security in any way, as it's trivially evident that /icons exists. If they are not referenced in the output, but merely used as input for scripts, you should consider moving them out of webroot.






          share|improve this answer












          First of all, this is essentially cover your ass security. If you use any resources from /icons/ it will be fairly obvious that it is there, and a 404 will not change that. A 403 indicates that the server is correctly configured.



          If you really want to do this, RedirectMatch is the way to go.



          RedirectMatch 404 ^/icons/$


          will return 404 for example.com/icons/, but not example.com/icons/foo.png.



          RedirectMatch 404 ^/icons/.*$


          will return for example.com/icons/foo.png (and any other file in icons) as well.



          Note that if the resources in /icons/ are referenced directly in the output to the browser, this does not improve security in any way, as it's trivially evident that /icons exists. If they are not referenced in the output, but merely used as input for scripts, you should consider moving them out of webroot.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Dec 30 '18 at 10:13









          vidarlo

          9,30442445




          9,30442445












          • Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.
            – dreamcacao
            Dec 31 '18 at 6:10












          • Is the URL example.com/~/icons?
            – vidarlo
            Dec 31 '18 at 11:00










          • No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....
            – dreamcacao
            yesterday




















          • Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.
            – dreamcacao
            Dec 31 '18 at 6:10












          • Is the URL example.com/~/icons?
            – vidarlo
            Dec 31 '18 at 11:00










          • No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....
            – dreamcacao
            yesterday


















          Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.
          – dreamcacao
          Dec 31 '18 at 6:10






          Thanks a lot! I also think this is useless security check... Anyway, your solution doesn't work. I don't know but I think ~/icons/ and ~/javascript/ are something special.
          – dreamcacao
          Dec 31 '18 at 6:10














          Is the URL example.com/~/icons?
          – vidarlo
          Dec 31 '18 at 11:00




          Is the URL example.com/~/icons?
          – vidarlo
          Dec 31 '18 at 11:00












          No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....
          – dreamcacao
          yesterday






          No, the url is example.com/icons/ , example.com/icons/small/, example.com/javascript/ I'm sorry for late reply. I've got a cold....
          – dreamcacao
          yesterday












          dreamcacao is a new contributor. Be nice, and check out our Code of Conduct.










          draft saved

          draft discarded


















          dreamcacao is a new contributor. Be nice, and check out our Code of Conduct.













          dreamcacao is a new contributor. Be nice, and check out our Code of Conduct.












          dreamcacao is a new contributor. Be nice, and check out our Code of Conduct.
















          Thanks for contributing an answer to Ask Ubuntu!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1105555%2fid-like-to-change-certain-directories-like-icons-from-403-forbidden-to-404%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Human spaceflight

          Can not write log (Is /dev/pts mounted?) - openpty in Ubuntu-on-Windows?

          張江高科駅