Re: Need Help with the Debian Securing Manual (contributions accepted)
On Sun, Sep 23, 2001 at 06:40:46PM -0700, Nicole Zimmerman wrote:
> Yup, I'm not using a proxy.
> I can access the following URL (which I found by going through the
> www.debian.org/doc tree):
On a hunch, I tried viewing the page with different accept-language
settings. With no language specified or with English (en) on the list
of accepted languages, the page loads fine. Without English (say, if
I specify US English (en-us) and German (de)), I get a 403.
>From http://www.debian.org/intro/cn :
One thing you need to be careful of is using sub-categories of languages.
Using 'en-GB, fr', for example, does not do what most people expect (if
they have not read the HTTP specification). A server that receives a
request for a document with a preferred language of 'en-GB, fr' when both
an 'en' and 'fr' version exist will serve the French one. It will only
serve the English document before the French one if there is a version of
the file with en-gb for the language extension. Thus, you should configure
your browser to send 'en-GB, en, fr' or simply 'en, fr'. It does work the
other way though, e.g. a server can return en-us when en is requested.
We strongly recommend that you do not add country extensions to a language
unless you have good reason. If you do add one, make sure you also include
the language without the extension.
and from http://httpd.apache.org/docs/content-negotiation.html :
[...] This works because browsers can send as part of each request
information about what representations they prefer. For example, a
browser could indicate that it would like to see information in French,
if possible, else English will do. Browsers indicate their preferences
by headers in the request. To request only French representations, the
browser would send
Note that this preference will only be applied when there is a choice of
representations and they vary by language.
Mozilla's default language setting is only US English (en-us). My
guess is that people getting 403s are running their browsers with
out of the box language settings or have changed language settings
but haven't listed 'en' as an acceptable language. I don't know
why these settings would work elsewhere on www.debian.org but not
on doc/manucals/securing-debian-howto/ .
William Aoki email@example.com /"\ ASCII Ribbon Campaign
3B0A 6800 8A1A 78A7 9A26 BB92 \ / No HTML in mail or news!
9A26 BB92 6329 2D3E 199D 8C7B X