By OpsTao on

I need a custom message rather than the default 403 text. I created a basic page with the desired text and made it Published. I got that URL and entered it in the custom 403 field at Configuration > System > Site Information. But after trying this several times, it does not display when logged out.

I think I understand that the key problem is, Anonymous can't see Published nodes and this of course needs to be published. I tried using the Access Control module to make this page viewable by Anonymous. But this doesn't work, or else I am just missing some step.

Suggestions?
–– Thanks --

Comments

tomz0r’s picture

tomz0r commented

A simple work around could be to create a new content type e.g "Public Page" and setting permissions allowing anonymous users access.

admin > people > permissions

Edit:
Alternatively you could use nodeaccess: https://www.drupal.org/project/nodeaccess

VM’s picture

VM commented

create a custom content type for the error. Only allow anonymous users to see that content type and set as custom 403.

narendraR’s picture

narendraR
He/Him
Primary language English
Location Jaipur, India
commented

Which Access Control module you are using? Are you using that module only for this functionality?
You can set the node published and check if permission is checked on 'View published content' for Anonymous / All User. Also clear your site cache and than test.

Let's Drupal

OpsTao’s picture

OpsTao commented

I have installed both Access Control and Node Access, both of which were installed only in the attempt to find a solution to the custom 403 page effort. I cannot find a combination that works properly. The conundrum I seem to be stuck with is that Anonymous shouldn't be able to see all Published content, but then the custom 403 page needs to be published to work at all, doesn't it?

I found one combination that sort of works but with problems. I allow Anonymous to see all published content, but then use Access Control to specify that Anonymous can't see all my content types except the "Public Page" type created for the custom 403 page. Then I also have to promote the custom 403 page to front page, otherwise it doesn't show. That finally puts the 403 page where it should be, as the front page content seen by the non-logged-in user. BUT... Now Anonymous also sees the automatic slideshow that is part of this theme (Corporate Clean). That slideshow is not generated by a module, view, or content type – so not clear there is any way to limit viewing access. (It's generated from page.tpl.php.)

In general I see no core Permissions option for specifying that either a particular page or a content type can be viewed only by Anonymous, regardless of being published or not. Have I missed something really obvious? Please explain.
--Thanks--

VM’s picture

VM commented

https://www.drupal.org/project/customerror seems to fit the bill without need for content or extended access control.

OpsTao’s picture

OpsTao commented

Thanks for the tip on Custom Error. It is now implemented on my site, and seems to be an excellent and ideal solution. I had previously found this or a similar module, but had dismissed it because it was D6 only.

VM’s picture

VM commented

You're welcome. I think you are talking about finding the custom 403 module which is a D6 only module.

A bit more searching on my part using google and the following keywords 'Drupal Custom Error' uncovered the customerror.module

OpsTao’s picture

OpsTao commented

Sometimes you have to search outside of drupal.org in order to find things within it.

VM’s picture

VM commented

yourkeywords site:drupal.org in google will provide results only on drupal.org

opgobee’s picture

opgobee commented

I too had been struggling with this. The 'Customerror' module works well and solved the struggle. I had before also tried 'Front page' module to show a special page to anonymous users and a regular page to authenticated users, but that also didn't have the intended effect. I expected that setting a page to be shown when access is denied, would make that page be shown... when access is denied. But: no. Still seems a bit weird you need a special module to achieve that. The good news is that this module exists!

opgobee’s picture

opgobee commented

Alas... it works local, but after uploading the site to the hosting provider I get the Apache 'Forbidden. You don't have permission to access /index.php on this server.' error if not logged in.

On <SITENAME>/user I get the styled login page, can sign in and everything works.
But on only <SITENAME> or <SITENAME>/index.php it gives the Apache 403 error 'Forbidden. You don't have permission to access /index.php on this server.'

If in index.php the line that runs menu_execute_active_handler() is commented out, I get a blank page, but not the 'Forbidden' error . So I think index.php is accessible, but the issue occurs later on, in the Drupal handling.

So far I think I figured out, what happens (locally):

In index.php: runs menu_execute_active_handler() -->
In menu.inc menu_execute_active_handler(): as user is not logged in, it sets: $page_callback_result = MENU_ACCESS_DENIED; -->
In common.inc drupal_deliver_html_page(): case MENU_ACCESS_DENIED: it refers to customerror.
And serves the nice customerror 403 page in the Drupal environment that gives login opportunity.

However, online it seems to refer the 403 error back to Apache, that gives the plain 'Forbidden' page.

I have not yet figured out what makes this go different on prod server than local.
I do not see a reason in .htaccess.
Would someone have a suggestion, that would be appreciated!