The 403 forbidden custom error page
If you decide to use allow
and deny
directives to allow or deny access, respectively, to a resource on your server, clients who are being denied access will usually fall back on a 403 Forbidden
error page. You carefully set up a custom, user-friendly 403 error page for your clients to understand why they are denied access. Unfortunately, you cannot get that custom page to work, and clients still get the default Nginx 403 error page:
server { [...] allow 192.168.0.0/16; deny all; error_page 403 /error403.html; }
The problem is simple: Nginx also denies access to your custom 403 error page! In such a case, you need to override the access rules in a location
block specifically matching your page. You can use the following code to allow access to your custom 403 error page only:
server { [...] location / { error_page 403 /error403.html; allow 192.168.0.0/16; deny all; } location = /error403...