Customizing Your Access Denied Page

When a request gets an access denied response from the web server, the user will be presented with a hardcoded server-generated error message. You can customize the message the user receives using the ErrorDocument directive in three different ways:

You can show the user a custom message, as in the following example

ErrorDocument 403 "You do not have permission to access this file"

if you are using Apache 2 or

ErrorDocument 403 "You do not have permission to access this file

if you are using Apache 1.3 (notice that there is only one double-quote, at the beginning of the string).

Alternatively, you can redirect the request to a local URL-path with a custom message:

ErrorDocument 401 /login_failed.html

In this case, the file passed to the directive as the second argument is a path starting with a slash (/), relative to the value specified in the directive DocumentRoot.

Finally, you can redirect the request to an external URL:

ErrorDocument 404 http://www.example.com/page _not_found.html

These examples referred to different 400 HTTP return codes, which indicate there was an error resolving the request, such as the user not providing a correct username and password. You can of course do the same for other common HTTP codes such as internal server errors. You can find a complete listing of HTTP return codes in the appendix.

Note

Some versions of Microsoft Internet Explorer (MSIE) will by default ignore server-generated error messages when they are less than 512 bytes in size, so be sure to specify a message greater than that. You can learn more about this issue in this Microsoft Knowledge Base article http://support.microsoft.com/default.aspx?scid=kb;en-us;Q294807.