So I have a Password Protected Localhost Server to prevent these unknown IPs from getting in my server.
What I want to do is as soon as they try logging in and they get a 401 error htaccess sends them to a file called block.php
as so: ErrorDocument 401 /block.php
The problem is though, because they are not authorized to view anything on that site, block.php does not get called at all.
How do I work around this?
My httaccess looks like this:
AuthType Basic
AuthName "C:\\xampp\\htdocs"
AuthUserFile C:\\xampp\\htdocs/.htpasswd
Require valid-user
<FilesMatch block.php>
Order Deny,Allow
</FilesMatch>
ErrorDocument 401 /block.php
ErrorDocument 400 /block.php
ErrorDocument 403 /block.php
############### START BANS ###############
You can't use a <FilesMatch> container to grant access if you've already taken it away with your Require valid-user. What you can do is use a negative regex match so that the auth is only required when the request is NOT for /block.php:
<FilesMatch "(?<!block\.php)$">
AuthType Basic
AuthName "C:\\xampp\\htdocs"
AuthUserFile C:\\xampp\\htdocs/.htpasswd
Require valid-user
</FilesMatch>
ErrorDocument 401 /block.php
ErrorDocument 400 /block.php
ErrorDocument 403 /block.php
block.php had a whitelist of IPs and I added my local ip and I guess any other welcomed ips. This prompted unknown ips to either no the username and password or else have their ip banned from my server. Thanks Jon Lin for the fix!