Boyle Owen wrote: >> -----Original Message----- >> From: news [mailto:news@xxxxxxxxxxxxx] On Behalf Of Mike - >> EMAIL IGNORED >> Sent: Monday, June 19, 2006 6:21 PM >> To: users@xxxxxxxxxxxxxxxx >> Subject: [users@httpd] RE: /my.html#mySection >> Linux mbrc20 2.6.14-1.1656_FC4 #1 Thu Jan 5 22:13:22 >> EST 2006 i686 i686 i386 GNU/Linux >> >> Here is a (slightly edited with XXX YYY ZZZ) log line >> from httpd-2.0.54-10.3 : >> >> 64.233.173.67 - - [18/Jun/2006:14:03:11 -0400] >> "GET /XXX/XXX/YYY.html#ZZZ >> HTTP/1.1" 403 - "http://www.XXX.net/religion/XXX/XXX/YYY.html"; >> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1 >> .NET CLR 1.1.4322)" > > Aha! now I get it - you're worried that the "#ZZZ" is some kind of hack? > > Er... no. It is simply a request to a particular "anchor" inside the page /XXX/XXX/YYY.html. This is typically what you do when you are linking to a subsection in a large page. For example, http://httpd.apache.org/docs/2.2/mod/core.html#directory takes you straight to the "directory" section in the "core.html" page. The # bit is called the 'fragment'. Just remove the fragment from the URL, before you process the remainder. If you're not performing a redirect and are returning HTML then the client can select the anchor as needed. > In any case, the link is on your page /religion/XXX/XXX/YYY.html (i.e. since there's a referer on the log line, the client must have clicked on a link in that page - he didn't type in the URL). It's worth noting that you can't always rely on the client correctly sending the referer, in order to determine if they've clicked a link. Some Norton programs are notorious for mangling the request by removing referer headers amongst other things. > As for the 403 response - that implies that the resource /XXX/XXX/YYY.html is under a "Deny" directive or the file is not readable by apache. > > Rgds, > Owen Boyle > Disclaimer: Any disclaimer attached to this message may be ignored. > > >> As you can see, good practice notwithstanding, there is a #YYY >> in the GET. I have confirmed this by examining the incoming >> packet captured with tethereal (ethereal-0.10.13-1.FC4.2) . >> >> Now the #ZZZ is legitimate in the sense that my YYY.html does >> contain that hypertext. However, in my experience, browsers do >> not normally send the #ZZZ, as explained above. >> >> My question is "how should I respond to it?" Here are choices: >> >> 1. Send 403 (Forbidden), which is what I do now. >> 2. Strip the #ZZZ in my CGI and YYY.html normally. >> 3. Something else I didn't think of. >> >> Additionally, I wonder why the #ZZZ appeared in the first place. >> >> Thanks for your interest in this. >> Mike. >> >> >> >> >> >> --------------------------------------------------------------------- >> The official User-To-User support forum of the Apache HTTP >> Server Project. >> See <URL:http://httpd.apache.org/userslist.html> for more info. >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> > Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature. It is not related to the exchange or business activities of the SWX Group. Le présent e-mail est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX. > > > This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|