Welcome to the new design! Please report any bugs or issues, thanks :)
Web Dev + WordPress + Security

Custom HTTP Errors via htaccess

We all know how important it is to deliver sensible, helpful 404 error pages to our visitors. There are many ways of achieving this functionality, including the well-known htaccess trick used to locally redirect users to custom error pages:

# htaccess custom error pages
ErrorDocument 400 /errors/400.html
ErrorDocument 401 /errors/401.html
ErrorDocument 403 /errors/403.html
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html

..and so on. These directives basically tell Apache to deliver the designated documents for their associated error types. Many webmasters and developers employ this trick to ensure that visitors receive customized error pages that are generally more user-friendly or design-specific than the rather unfriendly Apache defaults. Serving custom error pages is an excellent way to enhance overall site usability and accessibility, but there are several other useful techniques to consider as well.

Change the default error message

You don’t need to design a complete set of customized error documents just to get your point across. Simply changing the default error message to something more useful is a great way to spice things up with minimal fuss:

# htaccess custom error messages
ErrorDocument 400 "Ooops - Bad request!
ErrorDocument 401 "Speak friend and enter
ErrorDocument 403 "Strictly fabidden..
ErrorDocument 404 "Missing in action..
ErrorDocument 500 "Server gone wild..

..or whatever. You can change the custom message to anything you want, but it must be plain text. This technique is ideal for hardcore sites with an audience that is a bit more “error-savvy” than the typical visitor. Note that the initial quotation mark ( " ) specifies the character string as text and is not included in the message itself. No closing quotation mark is required.

Redirect to a script

Moving in the other direction, you may wish to incorporate some dynamic functionality into your error messages. For example, if you had a script that customized the error message by employing, say, referrer, client, and query data, you could redirect your error pages like so:

# htaccess custom error scripts
ErrorDocument 400 /errors/redirection.php
ErrorDocument 401 /errors/authentication.php
ErrorDocument 403 /errors/explanation.php
ErrorDocument 404 /cgi-bin/not_found.pl
ErrorDocument 500 /cgi-bin/server_error.pl

Redirect to an external URL

Returning to the most common error-page customization-method, it should be noted that the custom error pages do not need to be located on the same domain. In fact, you can redirect your HTTP errors to virtually any URL:

# htaccess custom error redirects
ErrorDocument 400 http://domain.tld/400_information.html
ErrorDocument 401 http://domain.tld/401_information.html
ErrorDocument 403 http://domain.tld/403_information.html
ErrorDocument 404 http://domain.tld/404_information.html
ErrorDocument 500 http://domain.tld/500_information.html

Keep in mind that any environmental variables or other request-specific information will not survive the external redirect.

Well, that about does it for this fun and exciting round of htaccess madness. One last note about serving custom error error pages: make sure that they are greater than 512 bytes in size or Internet Explorer will ignore them.

Next up: we jump back into the realm of standards-based design with an in-depth tutorial on creating an accessible “hovering” jump menu using (X)HTML and CSS. Stay tuned!

Jeff Starr
About the Author
Jeff Starr = Fullstack Developer. Book Author. Teacher. Human Being.
The Tao of WordPress: Become your own WordPress guru.
Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
The Tao of WordPress: Master the art of WordPress.
Thoughts
Playing the long game.
They have weaponized the idiots.
Good software never steals focus from the user. Even during startup.
After 10 years running my own business, I still manage schedules and tasks using old school post-it notes, sometimes simple sometimes very elaborate.
You know those sites, where you're trying to just grab a quick bit of information but the page is shifting all over the place as it loads up 3 million advertisements.
Selling two of my top WordPress domains, wp-zen.com & zen-wp.com $300 for both. Aged 9 years. Drop a line if interested.
Never force your users to type out a password (or any long string of characters) by blocking the paste function. Typing long strings leads to MORE errors than simple copy/paste.