After analyzing the web, to see SEO failures, I see that I have a page that returns a 403 but it is shown as any other page.
The web is in Drupal, and I verified that it was not a block that was added with blocked permissions.
I do not see why it returns 403.
Probably you have 403 page configured under /admin/config/system/site-information:
Related
I have a question.
Does setting a post/page staus to "private" will it generate a true 404 page with 404 header? Or it's just a page showing that is not found?
I want Google to know that the page no longer exists and it's 404.
Settings to private makes the site say it's not found, but how do I know it's a true 404 error?
Thanks! :)
What you are looking for is the HTTP response status of the URL.
You have to look about. Google about something like "get HTTP status of a URL", and you'll find many free tools to check URLs HTTP statuses.
You can also check yourself with your browser console whether it's a real 404 or not.
In the network tab, you'll have the page request lists and HTTP status for each. From there, check the request having your page URL (usually the first one), and see the HTTP status of this request. If it's a 404: you're good.
You can also use Postman to get the HTTP response status of your URL. Or on CLI using Curl and many other ways.
I have used better exposed filter module and set it as on click submit. it set an ajax request when click on the check box. It is causing problem in HTTPS. it is working fine in HTTP.
An AJAX HTTP error occurred.
HTTP Result Code: 403
Debugging information follows.Path: /views/ajax
StatusText: Forbidden
ResponseText: 403 Forbidden
ForbiddenYou don't have permission to access /views/ajaxon this server.
There are couple of things that you need to check:
It is likely you have not set $base_url in your settings.php file.
There is a mode_security file on Amazone EC2 server increase the size of post data when using https. Hope it will work Happy coding...
Adding a tag in URL causes 400 Bad Request Error. I have redirected users to generic error pages created by me for any error occurring on my site.
I am using <customerrors> tags in web.config to redirect users for any error occurring on the site.
For eg.
http://www.example.com/ABC/<script>alert('Hi');<script>.aspx -- Redirects to 400 Bad Request Page
http://www.example.com/ABC/frmLogin.aspx?<script>alert('Hi');<script> -- Redirects to Custom Error Page as defined in web.config
I have deployed my site on IIS 5 and also on IIS 6.
If you closely look into url http://www.example.com/ABC/<script>alert('Hi');<script>.aspx, this means you are requesting a page "something.aspx", that is why it says 400 bad request, it is not internal server error - http status 500. And that is why it not redirecting to custom error page, as they are meant for http status 500 - server error. To solve this, you need to handle 400 status , and redirect to required page.
I read the following advise by dotnetchris in the comments of a blog post by Jonathan Creamer:
In a regular application (aka not a RESTful web service), the proper way to handle a 500 error is to issue a 302 temporary redirect, then redirect to the 500 error page that returns a proper 500 status code.
I would like to know if this advise is correct. My experience as a developer is with ASP.NET MVC, and the error handling approaches I have seen relating to that framework are ones where no redirect is issued for a 500 error.
Generally i cant agree with this approach. It's looks like:
-> Access page that return error -> 302 to other page that return 500 error.
It's mean for search bots that this page redirect to other page that return error due to some result. Of course it's not good in this way. In my app i always show errors on the page where they appear. I just change the template of page in this case.
Using forms authentication, is it possible to return a 404 if a user doesn't have access to content, rather than redirecting them somewhere?
I realize I could send them to a 404-ish page, or redirect to a login page that doesn't exist, but I really want to return a 404 from the page they were attempting to access.
Possible?
Better would be to send them to a 403 (Forbidden) page, but still have it look like a normal page from your site.
You should think of customized 404 pages with recommended navigational options when website visitors request pages that return a 404 response code. So I am in support of sending users to a 404-ish page with search options, other navigational links along with a notification that the user has reached a page that does not exist
You are going to have a hard time catching a 403 much less redirect it.
There is a long standing 'bug' in the forms authentication module that simply dumps 'under-authorized' to the registered login page with a 200 OK.
So, not only can you not easily catch a 403 - from my experience 403 has never been a viable candidate for a custom error page. I am not sure why MS has left it in the default web.config for 10 years.
In any case, I have developed a module that will fix this behavior, the code and details can be found here: http://www.codeproject.com/Articles/39062/Salient-Web-Security-AccessControlModule.aspx
The language of the article is tilted towards ajax type requests, but the module is designed with webform based forms authentication in mind as well.
The default configuration will give you the ability to process 403 with a custom error page which can be a simple handler that generates a 404, which will in turn be processed by any custom 404 page you have defined, if any.