[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Need Help with the Debian Securing Manual (contributions accepted)

On Sun, Sep 23, 2001 at 06:40:46PM -0700, Nicole Zimmerman wrote:
> Yup, I'm not using a proxy.
> http://www.debian.org/doc/manuals/securing-debian-howto/
> I can access the following URL (which I found by going through the
> www.debian.org/doc tree):
> http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html

On a hunch, I tried viewing the page with different accept-language
settings. With no language specified or with English (en) on the list
of accepted languages, the page loads fine. Without English (say, if
I specify US English (en-us) and German (de)), I get a 403.

>From http://www.debian.org/intro/cn :

 One thing you need to be careful of is using sub-categories of languages.
 Using 'en-GB, fr', for example, does not do what most people expect (if
 they have not read the HTTP specification). A server that receives a
 request for a document with a preferred language of 'en-GB, fr' when both
 an 'en' and 'fr' version exist will serve the French one. It will only
 serve the English document before the French one if there is a version of
 the file with en-gb for the language extension. Thus, you should configure
 your browser to send 'en-GB, en, fr' or simply 'en, fr'. It does work the
 other way though, e.g. a server can return en-us when en is requested.

 We strongly recommend that you do not add country extensions to a language
 unless you have good reason. If you do add one, make sure you also include
 the language without the extension.

and from http://httpd.apache.org/docs/content-negotiation.html :

 [...] This works because browsers can send as part of each request
 information about what representations they prefer. For example, a
 browser could indicate that it would like to see information in French,
 if possible, else English will do. Browsers indicate their preferences
 by headers in the request. To request only French representations, the
 browser would send

 Accept-Language: fr

 Note that this preference will only be applied when there is a choice of
 representations and they vary by language.

Mozilla's default language setting is only US English (en-us). My
guess is that people getting 403s are running their browsers with
out of the box language settings or have changed language settings
but haven't listed 'en' as an acceptable language. I don't know
why these settings would work elsewhere on www.debian.org but not
on doc/manucals/securing-debian-howto/ .

William Aoki     waoki@umnh.utah.edu       /"\  ASCII Ribbon Campaign
3B0A 6800 8A1A 78A7 9A26 BB92              \ /  No HTML in mail or news!
9A26 BB92 6329 2D3E 199D 8C7B               X
                                           / \

Reply to: