If you decide to use the allow
and deny
directives to respectively allow or deny access to a resource on your server, clients who are being denied access will usually fall back on a 403 Forbidden
error page. You carefully set up a custom, user-friendly 403 error page for your clients to understand why they are denied access. Unfortunately, you cannot get that custom page to work, and clients still get the default Nginx 403
error page. You have provided the following code for doing do:
server { […] allow 192.168.0.0/16; deny all; error_page 403 /error403.html; }
The problem is simple: Nginx also denies access to your custom 403 error page! In such a case, you need to override the access rules in a location block specifically matching your page. You can use the following code to allow access to your custom 403 error page only:
server { […] location / { error_page 403 /error403.html; allow 192.168.0.0/16; deny...