Boyle Owen wrote: >> -----Original Message----- >> From: news [mailto:[EMAIL PROTECTED] On Behalf Of Mike - >> EMAIL IGNORED >> Sent: Monday, June 19, 2006 6:21 PM >> To: [email protected] >> Subject: [EMAIL PROTECTED] RE: /my.html#mySection >> Linux mbrc20 2.6.14-1.1656_FC4 #1 Thu Jan 5 22:13:22 >> EST 2006 i686 i686 i386 GNU/Linux >> >> Here is a (slightly edited with XXX YYY ZZZ) log line >> from httpd-2.0.54-10.3 : >> >> 64.233.173.67 - - [18/Jun/2006:14:03:11 -0400] >> "GET /XXX/XXX/YYY.html#ZZZ >> HTTP/1.1" 403 - "http://www.XXX.net/religion/XXX/XXX/YYY.html"; >> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1 >> .NET CLR 1.1.4322)" > > Aha! now I get it - you're worried that the "#ZZZ" is some kind of hack? > > Er... no. It is simply a request to a particular "anchor" inside the page > /XXX/XXX/YYY.html. This is typically what you do when you are linking to a > subsection in a large page. For example, > http://httpd.apache.org/docs/2.2/mod/core.html#directory takes you straight > to the "directory" section in the "core.html" page.
The # bit is called the 'fragment'. Just remove the fragment from the URL, before you process the remainder. If you're not performing a redirect and are returning HTML then the client can select the anchor as needed. > In any case, the link is on your page /religion/XXX/XXX/YYY.html (i.e. since > there's a referer on the log line, the client must have clicked on a link in > that page - he didn't type in the URL). It's worth noting that you can't always rely on the client correctly sending the referer, in order to determine if they've clicked a link. Some Norton programs are notorious for mangling the request by removing referer headers amongst other things. > As for the 403 response - that implies that the resource /XXX/XXX/YYY.html is > under a "Deny" directive or the file is not readable by apache. > > Rgds, > Owen Boyle > Disclaimer: Any disclaimer attached to this message may be ignored. > > >> As you can see, good practice notwithstanding, there is a #YYY >> in the GET. I have confirmed this by examining the incoming >> packet captured with tethereal (ethereal-0.10.13-1.FC4.2) . >> >> Now the #ZZZ is legitimate in the sense that my YYY.html does >> contain that hypertext. However, in my experience, browsers do >> not normally send the #ZZZ, as explained above. >> >> My question is "how should I respond to it?" Here are choices: >> >> 1. Send 403 (Forbidden), which is what I do now. >> 2. Strip the #ZZZ in my CGI and YYY.html normally. >> 3. Something else I didn't think of. >> >> Additionally, I wonder why the #ZZZ appeared in the first place. >> >> Thanks for your interest in this. >> Mike. >> >> >> >> >> >> --------------------------------------------------------------------- >> The official User-To-User support forum of the Apache HTTP >> Server Project. >> See <URL:http://httpd.apache.org/userslist.html> for more info. >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> " from the digest: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> > Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen > Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a > private and personal nature. It is not related to the exchange or business > activities of the SWX Group. Le présent e-mail est un message privé et > personnel, sans rapport avec l'activité boursière du Groupe SWX. > > > This message is for the named person's use only. It may contain confidential, > proprietary or legally privileged information. No confidentiality or > privilege is waived or lost by any mistransmission. If you receive this > message in error, please notify the sender urgently and then immediately > delete the message and any copies of it from your system. Please also > immediately destroy any hardcopies of the message. You must not, directly or > indirectly, use, disclose, distribute, print, or copy any part of this > message if you are not the intended recipient. The sender's company reserves > the right to monitor all e-mail communications through their networks. Any > views expressed in this message are those of the individual sender, except > where the message states otherwise and the sender is authorised to state them > to be the views of the sender's company. > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
