This article assumes you are using an Apache server.
The standard 404 (not found) message is ugly plain text . You are more likely to keep people on your site by using a custom 404 page that links to your site’s content.
The standard 403 (forbidden) message is also plain text.
Fig 2: You may want to provide a link to your home page just in case genuine visitors are 403’d.
If you are not concerned about bandwidth or processing load; you may wish to do something fancy like displaying IP addresses and some server-side processing/logging.
Note: IE 9(?) appears to ignore custom 403 error messages and continues to display its own standard “HTTP 403 Forbidden” page.
Custom pages do not have to be plain (s)html files. The 404 page above was generated by a PHP file; and the 403 “page” was created by modifying the server’s default 403 message (a single line edit to your htaccess or.conf).
The usual disclaimer: the suggestions and examples in this article work for me; but I can’t guarantee they will work, or be safe for use on your site. You use the ideas and content of this page at your own risk.
Custom files and custom security – pitfalls
Your custom error page files are subject to the same access security rules as other pages on your site. This can lead to “infinite” loops.
For example: If .htaccess blocks the visitor’s IP address then the server will try to serve your custom 403 page, but it will also be blocked by the same access rule. This will cause another 403 deny, and another blocked attempt to serve the custom 403 page etc. etc. This is a potentially infinite loop – but hopefully you or your host has configured the server to “LimitInternalRecursion”.
You can edit htaccess to always allow your custom page e.g. 403.shtml:
<Files 403.shtml> order allow,deny allow from all </Files>
I became aware of this problem after reading posts on forums like Webmasterworld. JdMorgan’s second post in this thread suggests another way of ensuring your custom page(s) are allowed as well as info on the order in which allows and denies are processed.
The title says 4 ways to create custom 403 and 404’s – okay what are they?
1. Use ErrorDocument to change the default message(s):
The simplest solution. It is also the most efficient; your server does not have to retrieve and parse another file. As a bonus, you don’t have to worry about the infinite loop problem (above).
It is more efficient to change the default message(s) in httpd.conf; but you can add the same ErrorDocument to .htaccess. Example; to produce the page in Fig 2:
ErrorDocument 403 "Sorry the link you used is invalid.<br /><h2>Please visit our <a href='/'>Home Page</a></h2>"
I’ve tested this on my version of Apache; and confirmed the message string can contain HTML tags – so you should be able to include hot links like the above.
This is great for custom 403 messages where you don’t want to waste your bandwith sending 20kb of formatted page to visitors who will usually be hackers. However, if you want to present a friendly 404 page with the look and style of your site you will have to provide a file of HTML.
2. Setting up custom pages via your control panel:
Cpanel (and others) provide simple editors to create custom error pages, and the editors may provide add functions to include the visitor IP address, referring URL etc in your code.
Cpanel saves the code in your web root directory as .shtml; prefixed by the relevant Status (error) Code e.g. 404.shtml.
3. By adding your own 404.shtml (or 403.shtml) file to the web root directory.
And see if it works. I think most Apache servers look for nnn.shtml files, and if present use these instead of the default message.
ErrorDocument 404 /my-error-pages/my404notFoundPage.php
The error “redirect” does not even have to be on the same domain:
ErrorDocument 403 http://example.com/blacklist/badip-logger.php
70 Custom 404 pages to inspire you
Genuine comments, critiques, and suggestions are always welcome.
If you thought this article useful or interesting then a Like or “+1” at the top of the page would be really appreciated.