Support

If you want to redirect Joomla's 403 page to a custom error page – this is not possible. Apache's custom error pages (which are NOT redirections) only apply when the content of the HTTP response producing the HTTP error code is less than 512 bytes long. Joomla generates a full page which is significantly over than limit.

Also, I don't understand what this is referring to (probably because autocorrect on your browser corrupted your English beyond recognition):

To black, the IP/IP Range I can duo in Admin Tools / Site IP Blacklist or in server CPanel / Security / Blocked IPs

This line is wrong and has no effect:

<Files 403-error.htm>

Therefore your solution is invalid to begin with. While you think that it's working "perfectly" it, in fact, does not work at all. The blocked IP address sees a 404 Not Found error. It should end with .html not .htm (since your error document is 403-error.html).

The second thing you are missing is that you are using the Frontend Protection of the .htaccess Maker. Therefore the 403-error.html file is inaccessible over the web. Go to Admin Tools, .htaccess Maker and find the "Allow direct access to these files" area. Add the following to a new line:

403-error.html

Click on Save & Create .htaccess. Now what you're trying to do will work.

Sorry for the delayed answer. Yesterday we had a power outage followed by an Internet outage. Service was restored last night, only for the power to go out, again, this morning. FINALLY I have both power and Internet.

I tried to reproduce your issue. I am using the .htaccess Maker like you do. I created a file named 403-error.htm (note that the extension .htm, NOT .html, .Htm, .Html, .HTM or .HTML – these are all different extensions and yes, case does matter).

In the .htaccess Maker I added the following to "Custom .htaccess rules at the top of the file":

ErrorDocument 403 /403-error.htm

I also added the following in a new line in the "Allow direct access to these files" area:

403-error.htm

Please note that the name, including the lowercase/uppercase letters of the filename and extension, match exactly the file on my site's root.

Trying to raise any kind of 403 error it works. I see the contents of my file instead of the default 403 error page. To make sure I am not mistaken I had my custom error page display "Baby did a bad, bad thing" (yes, that's Chris Isaak lyrics).

However, there is exactly one case where this doesn't work by itself (and I did test that it doesn't): when you are blocking access to an IP (e.g.with something like "deny from 111.222.333.444") AND you are trying to access a .php file. "Acces a .php files" also applies when you are trying to access a SEF URL on your site such as /foo/bar.html or index.php/foo/bar.html since this is a missing file which is redirected internally by Apache to your site's index.php (that's how SEF URLs work). Because of the way Apache works under the hood you do need to add the following to the "Custom .htaccess rules at the bottom of the file":

<Files "403-error.htm">
        Allow from all
</Files>

So, if you did follow my earlier advice to fix your code AND add the 403-error.html file to the "Allow direct access to these files" area your issue can no longer be reproduced. I can only assume that you missed one of the steps?

The only thing I can think of is that you are confusing what Joomla reports as a 403 with an HTTP 403 error response coming from your server. This is apples and oranges.

You cannot have Joomla's 403 response display an Apache custom error page. These are error pages created by Joomla itself, using the error.php file of your site's template (or a fallback to templates/system/error.php if the template does not provide one). Apache error handling is NOT involved in this case. For example, if you try to access an article that's not public without being logged in Joomla generates a 403 response using its own error page. Same goes for when Admin Tools is blocking access. These pages are rendered by Joomla and you cannot redirect them to Apache's error pages.

When Apache itself throws a 403 error (e.g. you try to access something that's forbidden in .htaccess) then and only then will the custom HTML error file be used.

This applies with Joomla's default .htaccess file as well. So I am not sure why you're saying that this works with it. I've tested it and, predictably, it doesn't work for the reason I explained. Apache uses its custom error pages only when the error response has no content. Joomla always generates content for its error response, therefore its content is used instead of the custom error page.

If you are trying to customize Admin Tools' error page the method you're following is wrong. The documentation already tells you how to create a template override and which option to set in Admin Tools to create a custom error just for requests blocked by Admin Tools.