I am testing blocking certain IP addresses on Apache (2.0 and 2.2).
When the blocked machine accesses anything under the root (e.g., mysite.com/index.html), it gets the forbidden page (either built-in or custom-defined with ErrorDocument) as expected.
However, when getting the root itself (e.g., mysite.com/), Apache serves the built-in test page ("if you can read this page"), instead of the forbidden page.
Requests for both the root and for files under the root get a 403 response and the error log shows "client denied by server configuration". The only difference is that when getting the root the user sees the test page, and when accessing anything under the root he sees the forbidden page.
Here is the entire .htaccess file in the root directory:
allow from all
deny from 0.0.0.0
where 0.0.0.0 is replaced by an actual IP address.
In httpd.conf, in the virtual host entry for the site, all I have is:
I've tried rewriting requests for the root to /index.html, but nothing seems to work.
Could this be a bug in Apache? Or is there something in the configuration that is making it behave this way?