Now the #ZZZ is legitimate in the sense that my YYY.html does
contain that hypertext. However, in my experience, browsers do
not normally send the #ZZZ, as explained above.
My question is "how should I respond to it?" Here are choices:
1. Send 403 (Forbidden), which is what I do now.
2. Strip the #ZZZ in my CGI and YYY.html normally.
3. Something else I didn't think of.
I vote for 1.
Additionally, I wonder why the #ZZZ appeared in the first place.
a bug in the client I guess, I've seen this problem in some proxy server's
mailing list...
I would guess all that happened was the user bookmarked the page with the
anchor.
I can't imagine it's a security problem.
-ds
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]