Should error pages be strictly html?
.htaccess files are extremely useful in many cases for users who either do not have root permissions or for users who simply aren't comfortable in making changes in their web server's configuration file. Trying to debug .htaccess not working isn't always the easiest thing to do, however, hopefully by checking the discuss below mentioned about htaccess, apache, apache2, error, .htaccess common problems as well as the troubleshooting tips, you'll have a better grasp on what you may have to modify to get your .htaccess file running smoothly.Problem :I'm using PHP on Apache server
I'm wondering.. If the error pages should best be served as pure and simple html, without database connection etc.?
This would remove any chance of repeating/complicating an error that was caused by php or database, no?
I would say yes, simply because there isn't any need for dynamic error pages. For example: If your database is down or under pressure, it is unlikely that you will want your error pages to be attempting database connections. Likewise, if your server is under pressure, you don't want your error pages to be carrying out any server-side processing. All-in-all, I think that it is better to keep things simple in this regard.
In saying that, 404 error pages might prove to be the exception to this. Example: Showing the end-user a list of links to pages that are similar to the page that they were looking for.
This really depends on the error being served. For a 404 error, there would be no reason that there are any issues with the server - meaning all the php stuff should be working find. But if you have a 500 there may be an issue with the server, preventing php from running. This really depends on your tolerance for risk.
It depends on your situation.
Your PHP could also handle the lack of database connection in a nice way. But if you have a custom PHP with many possibilities for bugs and problems, go for an HTML page.
If you're using a system such as Drupal or WordPress it's best to go with whatever is provided there, possibly adding something such as a module such as Search 404 on Drupal that will take your visitors to a search page.
If you have a lot of traffic and the load on your servers might go up considerably when suddenly hundreds of people are refreshing a page it can be an idea to serve an image instead, served from a 3rd party service (e.g. Amazon) since it will take people more time to load the image and it will keep them from hitting Ctrl-R very quickly which would cause your load to go up even more.
You should only serve very generic error page to the user, as providing more details on error may disclose highly valuable information for malicious attacker.
Additionally, if you would like to do some further testing, give the htaccess tester tool a try. It allows you to specify a certain URL as well as the rules you would like to include and then shows which rules were tested, which ones met the criteria, and which ones were executed.
Comments
Post a Comment