Cannot use a full URL in a 401 ErrorDocument directive
From Deep Thought
Contents |
Problem
We started seeing this error in a the Apache log files for one of our clients.
[notice] cannot use a full URL in a 401 ErrorDocument directive --- ignoring!
Solution
The culprit turned out to be a setting added to the .htaccess file for the root folder of the website:
... other stuff up here... <Limit GET POST> #The next line modified by DenyIP order allow,deny #The next line modified by DenyIP deny from all allow from all </Limit> <Limit PUT DELETE> order deny,allow deny from all </Limit> ... more stuff down here ...
The fix was simply to comment out the above lines.
Research
Apache LIMIT Directive
Our synopsis (from the Apache docs)...
The purpose of the <Limit> directive is to restrict who (or what) can access your website via the following types of web requests (methods): GET, POST, PUT, DELETE, CONNECT, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, and UNLOCK. The method name is case-sensitive. If GET is used it will also restrict HEAD requests.
The following example applies the access control only to the methods POST, PUT, and DELETE, leaving all other methods unprotected:
<Limit POST PUT DELETE> Require valid-user </Limit>
Apache ORDER Directive
Our synopsis (from the Apache docs)...
The Order directive, along with the Allow and Deny directives, controls a three-pass access control system. The first pass processes either all Allow or all Deny directives, as specified by the Order directive. The second pass parses the rest of the directives (Deny or Allow). The third pass applies to all requests which do not match either of the first two.
Note that all Allow and Deny directives are processed (it does not stop after the first directive is matched). Additionally, the order in which lines appear in the configuration files is not significant -- all Allow lines are processed as one group, all Deny lines are considered as another, and the default state is considered by itself.
Ordering is one of:
Allow,Deny
First, all Allow directives are evaluated; at least one must match, or the request is rejected. Next, all Deny directives are evaluated. If any matches, the request is rejected. Last, any requests which do not match an Allow or a Deny directive are denied by default.
Deny,Allow
First, all Deny directives are evaluated; if any match, the request is denied unless it also matches an Allow directive. Any requests which do not match any Allow or Deny directives are permitted.
Mutual-failure
This order has the same effect as Order Allow,Deny and is deprecated in its favor.
