You don’t have permission to access /panel/indexpl.php on this server.
Other Information
This is in the CPanel. I am receiving a 403 error after trying to input details in the form for the error page types (400, 401, 402, 403, 404, 405, etc.)
Also before you say, this website will redirect requests to my server as its a hosting website that I made for friends.
Hi @chiucs123
I double-checked my website and I confirmed that it does work for me,
This may be just DNS records adapting for you, as this is a .rf.gd domain which is one provided by InfinityFree already on IF nameservers.
Edit: I ended up using just the .htaccess file to configure the ErrorDocument property, thanks for the quick recognition of a new post anyways!
Usually, ISPs and network administrators of every level would have some sort of DNS caching to improve network performance, if you have visited the website before, somewhere upstream of your connection would have your DNS records cached somewhere with a considerable expiration lifespan before the NS went down.
For those who never visited your website and attempts to visit your website during the downtime, we get no response as they are down and upstream caches do not have your records, hence the DNS error.
I can confim that using another location, I can see your website and the subsequent redirection.
I have Firefox and a Ubiquiti router, it seems fine on my end and it updates on every refresh.
I got sent to a http://rf.gd/ website every time I tried to register an account for the whole last year, this is a great example of good old DNS caching. To prevent this, you can just change your Primary DNS to something else, like 8.8.8.8 or 1.1.1.1.
You may also want to try the error pages feature in the client area. The control panel one has some security filters that will block you if you enter “something suspicious”, which could also be a completely normal URL.
The client area allows any URL, and even lets you use files as error pages instead of URLs.
But people can abuse this by setting up their own ErrorDocument property in the .htaccess file anyways. I don’t really get why there is a filter.
Edit: so is this just a third-party hosting provider problem?
My best guess is that it’s to protect the control panel against remote code execution, SQL injection, XSS and other cyber attacks directed at the control panel itself. Other features, like Redirects, suffer from the same issue.
Also, I don’t think these filters are designed to actually block certain URLs, but rather to protect the control panel against malicious input data.
If you want to learn more, you can read up on Web Application Firewalls and mod_security.
I don’t think it’s to protect your hosting account, because as you said, you can configure whatever error pages you want yourself.