Use static HTML file for 404 page

[DrQuincy]

Just an idea really. Recently, I had server issues due to a ton of 404s that were all firing up ProcessWire. It was an unusual scenario but it made me wonder if it's possible to have a static HTML page that is used for either all 404s — or maybe some 404s.

All 404s would be simpler. Is it possible to switch this off so that Apache handles all 404s instead of PW?

Just thinking out loud but I also wondered if it would be possible to restrict the static 404 page to certain extensions such as images. In my example above, the server overload was due to broken image links.

I'd still like all other errors (e.g. 500, 403) to go through PW.

Thanks. 🙂 

[bernhard]

Ryan wrote a blog post for you: https://processwire.com/blog/posts/optimizing-404s-in-processwire/ 😉 

[DrQuincy]

Perfect, thanks!

On this comment:

Quote

If you aren't using ProcessWire's $config->pagefileSecure setting (and most sites aren't) then you might want to prevent ProcessWire from serving 404s for non-existent image files.

I am not setting this to true in my config.php. However, I do have some sites where under the Access tab of the template I have Prevent direct access to file assets owned by pages using this template? set to Yes, always. Does this effectively set $config->pagefileSecure = true for all assets belonging to pages that use that template? In other words, if you are wanting to manage access to assets you cannot use a static 404 HTML file. Is that right? It makes sense but I just wanted to check.

[bernhard]

13 hours ago, DrQuincy said:

In other words, if you are wanting to manage access to assets you cannot use a static 404 HTML file. Is that right? It makes sense but I just wanted to check.

I don't think so but I don't have time to look into it 🙂 

[BrendonKoz]

Searching the ProcessWire files for the phrase, "Prevent direct access to file assets owned by" led me to ProcessTemplate.module in wire/modules/Process/ProcessTemplate. From there, this is the relevant code:

/**
 * Build the "pagefileSecure" field for the "access" tab
 * 
 * @param Template $template
 * @return InputfieldRadios
 * 
 */
protected function buildEditFormAccessFiles(Template $template) {

	/** @var InputfieldRadios $f */
	$f = $this->wire()->modules->get('InputfieldRadios');
	$f->attr('id+name', 'pagefileSecure');
	$f->label = $this->_('Prevent direct access to file assets owned by pages using this template?');
	$f->icon = 'download';
	$f->description =
		$this->_('When direct access to a file in [u]/site/assets/files/[/u] is blocked, ProcessWire can manage delivery of the file, rather than Apache.') . ' ' .
		$this->_('This enables the file to be access controlled in the same manner as the page that owns it, while still using the original file URL.') . ' ' .
		$this->_('Note that it takes more overhead to deliver a file this way, so only choose the “Yes always” option if you need it.');
	$f->notes =
		$this->_('Always test that the access control is working how you expect by attempting to access the protected file(s) in your browser.') . ' ' .
		$this->_('Do this for when you expect to have access (logged-in) and when you do not (logged-out).');
	$f->addOption(0, $this->_('No') . ' ' . 
		'[span.detail] ' . $this->_('(uses site-wide configuration instead)') . ' [/span]');
	$f->addOption(1, $this->_('Yes when page is unpublished, in the trash, or not publicly accessible'));
	$f->addOption(2, $this->_('Yes always, regardless of page status or access control'));
	$f->val((int) $template->pagefileSecure);
	if(!$template->pagefileSecure) $f->collapsed = Inputfield::collapsedYes;
	
	return $f;
}

Considering the attribute name is pagefileSecure, I would think it'd be safe to assume that, yes, that enabled pagefileSecure for those templates within your site. I don't use pagefileSecure myself, so I don't know if there's an adjustment that could be made to the htaccess so that secure pagefiles can work as expected, while insecure can still not be rendered by ProcessWire. There might be some results of people working with that in these forums. (I'd normally look, but unless I revisit this later, my break time is up!)

[cwsoft]

Guess one part of the story is that pagefileSecure relies on .htaccess available on Apache servers. So it won‘t work on NGINX powered servers unless you port the htaccess over to NGINX equivalent - if possible at all.  As htaccess can inherit rules from parent folders and can be disabled from your ISP, it is good practice to test htaccess access restrictions before it goes live. 

Edited August 26 by cwsoft

[DrQuincy]

I think you're right. It makes sense you can't tell PW to ignore images while at the same time handling access for them.

[BrendonKoz]

I mostly wasn't sure if an adjustment to the htaccess rules if also using the setting for pagefileSecurePathPrefix might provide a workaround.

EDIT: It does not appear as though there is a simple workaround here.