So I have a PHP page that only accepts the POST method from another script coming from the same host. Anything else I want to respond with
header("HTTP/1.1 403");
With Chrome, I get a :( page saying access denied. IE also shows a similar error page. With Firefox, I just get an empty page. I made a PHP script with just that line above and the result is the same.
Am I doing something wrong, or is Firefox just quirky?
It looks like it's also not working for other statuses (e.g. 404).
The best way is to echo out a custom PHP file for Firefox. If you want IE to show the same as Firefox, your file will need to be larger than 512 bytes.
Something like:
header("HTTP/1.1 403");
include('403.php');
and in 403.php:
your message.
Most (all?) web servers don't just send the error header but also include an HTML page describing the error. A lot of sites customize this to have "custom" error pages. It also lets you add more detailed info about why you are getting this error that is not included in the header.
When the web server sends a blank page, it is up to the web browser to decide how it wants to handle that case. In this case Firefox is showing what it got, but Chrome has decided a blank page might confuse the user, so it puts up a built-in error screen.
So... What you want to do is send an HTML web page (you can send just simple text if you want) explaining the error.
For example, here is a PHP script that returns something like what Apache returns:
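<?php
header("HTTP/1.1 403");
// Print the XML declaration from PHP: with short_open_tag enabled, a literal "<?xml" in the template is parsed as a PHP open tag.
echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
?>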
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Access forbidden!</title>
<link rev="made" href="mailto:postmaster@example.com" />
<style type="text/css"><!--/*--><![CDATA[/*><!--*/
body { color: #000000; background-color: #FFFFFF; }
a:link { color: #0000CC; }
p, address {margin-left: 3em;}
span {font-size: smaller;}
/*]]>*/--></style>
</head>
<body>
<h1>Access forbidden!</h1>
<p>
You don't have permission to access the requested object.
It is either read-protected or not readable by the server.
</p>
<p>
If you think this is a server error, please contact
the <a href="mailto:<?php echo htmlspecialchars($_SERVER['SERVER_ADMIN'], ENT_QUOTES, 'UTF-8');?>">webmaster</a>.
</p>
<h2>Error 403</h2>
<address>
<a href="/"><?php echo htmlspecialchars($_SERVER['SERVER_NAME'], ENT_QUOTES, 'UTF-8');?></a><br />
<span><?php echo htmlspecialchars($_SERVER['SERVER_SOFTWARE'], ENT_QUOTES, 'UTF-8');?></span>
</address>
</body>
</html>
Which looks something like:
You don't have permission to access the requested object. It is either read-protected or not readable by the server.
If you think this is a server error, please contact the webmaster.
localhost
Apache/2.4.10 (Win32) OpenSSL/1.0.1h PHP/5.4.31
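The two answers combined with the question's POST-only, same-host requirement, as an added example that is not code from either answer: the request is checked against the connection's source address, and a refusal gets a 403 with an HTML body padded past the 512 bytes mentioned above. The function names `decide_status` and `error_page` are hypothetical, and the sketch assumes PHP 7 or later reached directly, not through a reverse proxy on the same machine (there, every request would appear local).

```php
<?php
// Added example; function names are hypothetical, not from the original posts.

// Returns 200 when the request may proceed, otherwise the status to send.
function decide_status(string $method, string $remoteAddr, string $serverAddr): int
{
    // REMOTE_ADDR comes from the TCP connection. Referer and Host are
    // client-supplied headers and must not be used for this decision.
    $local = ['127.0.0.1', '::1', $serverAddr];
    if (!in_array($remoteAddr, $local, true)) {
        return 403;
    }
    return $method === 'POST' ? 200 : 403;
}

// Builds an error body that every browser will render instead of its own page.
function error_page(int $status, string $reason): string
{
    $title = htmlspecialchars("$status $reason", ENT_QUOTES, 'UTF-8');
    $tail  = "</body></html>\n";
    $html  = "<!DOCTYPE html>\n<html><head><meta charset=\"utf-8\">"
           . "<title>$title</title></head>\n<body><h1>$title</h1>\n"
           . "<p>This endpoint only accepts POST requests from the local host.</p>\n";
    // Pad past 512 bytes so IE shows this body rather than its built-in error page.
    $pad = 513 - strlen($html . $tail);
    if ($pad > 0) {
        $html .= '<!-- ' . str_repeat(' ', $pad) . " -->\n";
    }
    return $html . $tail;
}

$status = decide_status(
    $_SERVER['REQUEST_METHOD'] ?? '',
    $_SERVER['REMOTE_ADDR'] ?? '',          // empty string never matches the allow list
    $_SERVER['SERVER_ADDR'] ?? '127.0.0.1'
);

if ($status !== 200) {
    http_response_code($status);            // must run before any output
    header('Content-Type: text/html; charset=utf-8');
    echo error_page($status, 'Forbidden');
    exit;
}

// ... handle the POST from the local script here ...
```

A source-address check only shows the request came from the same machine; if other users or services run on that host, the calling script should also present a shared secret.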