Is there a way to force apache to return 404 instead of 403?

RedirectMatch as in e.g.

RedirectMatch 404 /\.

does the trick, it prohibits access to all files or directories starting with a dot, giving a "404 Not Found" error.

From the Apache manual: "The Redirect[Match] directive maps an old URL into a new one by asking the client to refetch the resource at the new location." By default, Redirect sends a 302 return code, but it can also return other status codes as shown above.

After having the same problem, I ended up with the following .htaccess file

Options -Indexes
RewriteCond %{HTTP_HOST} ^(www\.)?mydomain.com [NC]
RewriteRule ^(.*)/$ - [R=404,NC]

The 1st and 3rd line ensure that you can't list the folder content, and if you do it you will receive a 404 error. The RewriteCond directive ensures that this rewrite rule only applies to main domain. Since I have several subdomains, without the rewritecond, accessing www.mydomain.com/subdomain was also returning a 404, which was not what I intended.

You can make something like this:

.htaccess

ErrorDocument 403 /error/404.php

404.php

<?php
$status = $_SERVER['REDIRECT_STATUS'] = 404;
header( $_SERVER['SERVER_PROTOCOL'] . ' ' . $status);
?>

404 Error