Apache :: Want to respond 403 instead of 301, using mod_md, How?

takfuji · Joined: 09 Mar 2016 Posts: 7 Location: JP

I enabled SSL using mod_md. It works, but Apache sends response 301 instead of 403 although SetEnv is set to reject.

[environment]
Apache 2.4.54 on Windows 10 w/latest patch.
httpd.conf is as follows (subject portion only):

-------------- snip ------------
SetEnvIf User-Agent "foo" reject
SetEnvIf Request_URI "bar" reject
SetEnvIf Request_Method "CONNECT" reject

MDBaseServer on
(other md settings come here)

ExtendedStatus On
<VirtualHost *:80>
ServerName somehost.com
DocumentRoot "d:\docroot"
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
ServerName somehost.com
SSLSessionTickets on
DocumentRoot "d:\docroot"
</VirtualHost>
<Directory "d:\docroot">
Options FollowSymLinks Multiviews
AllowOverride all
<RequireAll>
Require not env reject
Require all granted
</RequireAll>
</Directory>
------------------- snip ------------

[problem]
Above setting responds 301 even if "foo" or "bar" is hit.
I want to respond reject(403).
Where am I setting wrong?

It was sending 403 before enabling SSL.
Appreciate if gurus here help me.
AdvaThanksnce

tangent · Moderator Joined: 16 Aug 2020 Posts: 348 Location: UK

Try putting your <RequireAll> code in a <Location /> block rather than <Directory "xxx"> block.

That works for me in a test server instance.

takfuji · Joined: 09 Mar 2016 Posts: 7 Location: JP

Moved <RequireAll> into <Location /> block, and tested myself by "GET mydomain/bar". Sure enough, I got 403!
Thanks a lot.