PHP header 'HTTP/1.1 403 Forbidden'

Question

0.00/5 (No votes)

See more:

Hi,

On the top of my PHP page page04.php, I've this header:

PHP

<?php header('HTTP/1.1 403 Forbidden'); ?>

But when I go to page04.php with my browser, I don't get a 403 error page, but the contents of page04.php. I'm using an Apache HTTP server, and this is my .htaccess file:

ErrorDocument 404 /404.php
ErrorDocument 403 /403.php

I tried also HTTP/1.0 instead of HTTP/1.1.
Why I don't get my 403 error page? And how can I configure the server, my .htaccess file or my page04.php file to get my 403 error page when I go to page04.php?

Thanks in advance.

Posted 29-Dec-12 4:58am

Thomas Daniels

Updated 29-Dec-12 5:23am

v3

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

**Zoltán Zörgő** · Accepted Answer · 2012-12-29T06:35:00

(A short description of this http status code: http://www.checkupdown.com/status/E403.html[^])

The problem is, that simply putting a 403 status code at the beginning of the page won't have any effect. The web server (Apache in your case) is deciding that the request is unauthorized, not your code. Since if it can execute the php script than it is authorized, right? So even if you send the 403 status code, you send the content also, and that's all, Apache won't intercept your status code. And the browser will be happy to display it :). What you set in .htaccess is only valid for Apache, php has nothing to do with it.

So, if you want to redirect from code to your error page, just add a http location[^] redirect after the status code, and exit immediately the php script.

If you want only to test the error page, just create a dummy folder and set .htaccess in it to deny everybody. If you made it correctly, you will get you error page back.