问题
My problem:
For some reason my custom 401 error page is not displaying on login and is just displaying the generic 401 error page:
Unauthorized
This server could not verify that you are authorized to access the document requested.
Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't
understand how to supply the credentials required.
Additionally, a 401 Unauthorized error was encountered while trying to use an
ErrorDocument to handle the request.
Now in saying this my custom 404 error page and others are displaying just fine, just not for the 401. The "error.php" (custom error page) file is in my public_html directory.
My current .htaccess file in public_html directory:
ErrorDocument 400 /error.php
ErrorDocument 401 /error.php
ErrorDocument 402 /error.php
ErrorDocument 403 /error.php
ErrorDocument 404 /error.php
ErrorDocument 500 /error.php
ErrorDocument 501 /error.php
ErrorDocument 502 /error.php
ErrorDocument 503 /error.php
ErrorDocument 504 /error.php
ErrorDocument 505 /error.php
ErrorDocument 506 /error.php
ErrorDocument 507 /error.php
ErrorDocument 510 /error.php
RewriteEngine On
DirectoryIndex .index.php .style.css .sorttable
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|zip|rar)$ - [F,NC]
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php73” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php73 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
#----------------------------------------------------------------cp:ppd
# Section managed by cPanel: Password Protected Directories -cp:ppd
# - Do not edit this section of the htaccess file! -cp:ppd
#----------------------------------------------------------------cp:ppd
AuthType Basic
AuthName "Protected 'public_html'"
AuthUserFile "/home/dark/.htpasswds/public_html/passwd"
Require valid-user
#----------------------------------------------------------------cp:ppd
# End section managed by cPanel: Password Protected Directories -cp:ppd
#----------------------------------------------------------------cp:ppd
Now my directories are password protected as you can see in the .htaccess. I tried the following fixes but still no luck on displaying the custom 401 error page:
- Created the error page in a different directory.
- Specified the complete url of the error page in the .htaccess file.
- Turned off the directory password function.
- Changed the error file extension to .shtml.
- Tried many other codes and questions on the stackoverflow website.
Now to recap, all other custom error pages are displaying fine, just not the 401 on login and i'm stumped.
My cPanel Sever Information:
Hosting Package Gold
Server Name server
cPanel Version 88.0 (build 14)
Apache Version 2.4.46
PHP Version 7.3.21
MySQL Version 10.3.24-MariaDB-cll-lve
Architecture x86_64
Operating System linux
Shared IP Address 45.95
Local IP Address 192.168
Path to Sendmail /usr/sbin/sendmail
Path to Perl /usr/bin/perl
Perl Version 5.16.3
Kernel Version 3.10.0-962.3.2.lve1.5.32.el7.x86_64
Thanks!
回答1:
For the 401 ErrorDocument to be served, it needs to be accessible. If everything is blocked behind HTTP authentication then it's not going to be accessible when authentication fails and you get the additional part in the default server 401 response:
Additionally, a 401 Unauthorized error was encountered while trying to use an ErrorDocument to handle the request.
You need to "punch a hole" in your authentication and allow public access to this document.
For example:
<Files "error.php">
Require all granted
</Files>
- Created the error page in a different directory.
That should have worked, providing the "different directory" was not also protected by HTTP authentication. For instance, a subdirectory would not help.
- Specified the complete url of the error page in the .htaccess file.
That would trigger an external 302 redirect and lose the 401 response. This is not permitted. As noted in the Apache docs:
if you use an
ErrorDocument 401directive, then it must refer to a local document.
- Turned off the directory password function.
If you turned "off the directory password function" then there's nothing to trigger the 401 so your error document would be accessible, but then how are your triggering/testing your 401 error document? This seems a bit chicken/egg.
- Changed the error file extension to .shtml.
Changing the type of file would make no difference here.
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|zip|rar)$ - [F,NC]
To clarify, you're not serving any images on any pages? Any request that contains one of these file extensions will trigger a 403 Forbidden.
UPDATE: If your error documents use additional resources then it would be easier for these all to be self contained in their own subdirectory (eg. /errordocs) - you can then just permit public access to this subdirectory without having to identify every file.
You then create an additional .htaccess file in the /errordocs subdirectory with just a one liner:
Require all granted
来源:https://stackoverflow.com/questions/64862309/cpanel-custom-401-error-page-not-displaying