[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: repeated requests for a file favicon.ico


This would do for normal webpages, but as Matthew pointed out, it does not work for direct-linked pictures (or .mov or anything else the browser can display). 


I added your sugestion to my httpd.conf and it works perfectly. I can see apache sending a 403 error to the browser, and the browser (tested with firefox and IE) does not pop up the annoying dialog anymore. Thanx a lot for your help!

I agree with you that maybe it would be better if the browser would interpret a authorisation request on a favicon.ico as a 404 (or 403) error, but on the other hand, the request for favicon isn't any different from a normal http request. Maybe you could even say it is up to apache to send the 403 rather than ask for authorisation. I think this could be an interresting discussion. 

Kind regards,


-----Original Message-----
From: Dominic Hargreaves [mailto:dom@tirian.magd.ox.ac.uk]On Behalf Of
Dominic Hargreaves
Sent: woensdag 6 oktober 2004 12:08
To: debian-security@lists.debian.org
Subject: Re: repeated requests for a file favicon.ico

On Wed, Oct 06, 2004 at 11:43:21AM +0200, Jasper Filon wrote:

> I have a little issue with the favicon file. My www root is password protected. But i also have a /public directory, which can be accessed by everyone. However, when someone opens a picture in his webbrowser by opening "www.mydomain.com/public/pictures/picture.jpg", he or she gets a login-dialog, because the browser tries to open "www.mydomain.com/favicon.ico", which is a restricted directory. Does anybody knows how to tell apache to simpy send a 404 (page not found) instead of requiring username/password? 

Personally, I'd set a
<link rel="shortcut icon" href="/public/favicon.ico"> or similar. 
I'm not sure if IE respects this, but I believe most other browsers do.


Dominic (wandering rapidly off-topic).

To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: