I am using Apache 2.4 and I am blocking an access to a specific sub-domain for everyone except one IP address.
.htaccess:
Require all denied
Require ip 111.222.333.444
This returns an "403 Forbidden" status code.
How can I make it return "404 Not Found"?
No-one from outside should know about the existence of this sub-domain. So, from external point of view, I would like to make it "invisible". Thus, everyone who goes to that domain, will receive 404 as if it does not exist.
Is it possible?
You can use a RewriteRule:
RewriteCond %{REMOTE_ADDR} !^111.222.333.444$
RewriteRule ^ - [R=404,L]
However, this doesn't really hide the fact a sub-domain exists. It returns a page not found, which is not the same thing. Presumably your subdomain still has a DNS entry, so it can be looked up.
I would also question the need to do this, 403 exists for a reason and I can't see why not to return it. Whether or not you return a 403 or a 404, the site still exists so I don't know what you're trying to achieve. No method would be enough to deter a determined hacker, and it's probably a safer method to deny an ip at server level rather than trying to obfuscate via http redirects.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With