.htaccess - Deny all except one folder

Question

I am trying to deny all connections to my website using .htaccess that looks something like this:

ErrorDocument 403 /errors/403\.php

SetEnvIfNoCase Request_URI "^/errors/403\.php$" HANDLE403
order deny,allow
deny from all
allow from 188.167.150.5
allow from 78.145.188.71
allow from env=HANDLE403  

AddType application/x-httpd-php53 .php
AddType application/x-httpd-php5 .php52
AddType application/x-httpd-php .php4

The .htaccess file is stored in the root folder of my ftp and this works fine, however I want to use custom Error 403 page which is saved in Errors folder on the same ftp, so basically it gets blocked too. I have tried to create a new .htaccess in the Errors folder (as suggested in other topics) with this code:

order allow,deny
allow from all

AddType application/x-httpd-php53 .php
AddType application/x-httpd-php5 .php52
AddType application/x-httpd-php .php4

But it still doesn't work and I get just the default 403 page with "Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request."

Any idea how I could fix this, so that the error files are accessible by all, while the rest is denied for all except few specific IPs?

Answer 1

Use your custom handler like this:

ErrorDocument 403 /errors/403.php

order deny,allow
deny from all
allow from 188.167.150.5
allow from 78.145.188.71