Now the #ZZZ is legitimate in the sense that my YYY.html does contain that hypertext. However, in my experience, browsers donot normally send the #ZZZ, as explained above.My question is "how should I respond to it?" Here are choices: 1. Send 403 (Forbidden), which is what I do now. 2. Strip the #ZZZ in my CGI and YYY.html normally. 3. Something else I didn't think of.I vote for 1.Additionally, I wonder why the #ZZZ appeared in the first place.a bug in the client I guess, I've seen this problem in some proxy server's mailing list...
I would guess all that happened was the user bookmarked the page with the anchor. I can't imagine it's a security problem. -ds --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|