homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / WebmasterWorld / The Macintosh Webmaster
Forum Library, Charter, Moderators: travelin cat

The Macintosh Webmaster Forum

apple-touch-icon.png 404s?

 4:27 pm on May 27, 2014 (gmt 0)

This morning I stated getting a LOAD of requests for my apple-touch-icon.png file, which I've never bothered to make. I used to get a few. So those requests just all get 404'd. No biggie. But why am I suddenly getting lots and lots of such requests? Now, if it were an aggressive bot, you'd think it would be from one IP, but it's from many many different IPs. Is this some kind of malicious attack? Or does the world suddenly want to bookmark my site on their mobile devices?

Now, it's frankly easier just to let them get 404s but, just for fun, I made up a apple-touch-icon.png file, and put it in my site root directory, right where my favicon.ico file is. But those requests for it (GET /apple-touch-icon.png HTTP/1.1) are still getting handed 404s. Why aren't people getting that apple-touch-icon.png file? I'm confused.


travelin cat

 4:41 pm on May 27, 2014 (gmt 0)

Do you have a mobile version of your site? If so that's where the bots are looking for the icons.

There are six icons that are usually requested. On our mobile versions we post them in the head like this (the mobile website is located in a directory in the root called "m"):

<link rel="icon" href="http://example.com/m/icons/icon32.png">
<link rel="shortcut icon" href="http://example.com/m/icons/icon32.png">
<link rel="apple-touch-icon" href="http://example.com/m/icons/icon57.png" sizes="57x57">
<link rel="apple-touch-icon" href="http://example.com/m/icons/icon114.png" sizes="114x114">
<link rel="apple-touch-icon" href="http://example.com/m/icons/icon72.png" sizes="72x72">
<link rel="apple-touch-icon" sizes="80x80" href="http://example.com/m/icons/icon80.png">

You may wish to try something similar.


 4:55 pm on May 27, 2014 (gmt 0)

Thanks. It's just a server for presentation files -- pdfs and ppts, so no "mobile version" is needed. Now, that being the case, and since I never made any changes to it, why the hell am I suddenly getting bombarded by bots looking for that icon?

Now, if the requests all look like "GET /apple-touch-icon.png HTTP/1.1", isn't this what might be posted in my HEAD? That is, something like

<link rel="apple-touch-icon" href="./apple-touch-icon.png">

But my understanding is that if I want this icon to apply to the whole site, and not just a particular page, I don't need that line.


 7:43 pm on May 27, 2014 (gmt 0)

The <link rel> line is optional, just like favicon.ico. If a user-agent has no information to the contrary, it will look for it in the root. So a request for


will get a file located at


Are the requests coming in for this exact form of the name? All variations, like -57x57- and -precomposed, are separate files with separate requests. There's a standard list that user-agents go through if they don't find their first choice. (That's the main reason for the <link rel lines: so the browser doesn't have to go through a whole trial-and-error checklist.)

It's definitely mystifying if they're getting a 404 on requests for files with the exact name and location of the one that really does exist. So double-check this part.


 8:16 pm on May 27, 2014 (gmt 0)

OK, the file is named right. When I go to my own website URL, substituting mycomputer.com/mysite/apple-touch-icon.png for mycomputer.com/mysite/homepage.html, I get the icon just fine.

What I see in my log is lots and lots of requests like this - - [27/May/2014:14:54:26 -0500] "GET /apple-touch-icon.png HTTP/1.1" 404 218 "-"

Now, I don't quite understand. To what extent are those requests pointing at "mysite"? Which site are they pointing at? There are several sites on this machine in different accounts, and those probably don't have apple-touch-icon.png files. I'm beginning to think all those requests aren't even aimed at this website, but are aimed at the computer.

If they are pointed at root, where exactly are the root icon files found?

Now, of course, if I'm suddenly getting a flood of apple-touch-icon.png requests aimed at my computer, rather than this website on it, they're almost certainly malicious.


 9:35 pm on May 27, 2014 (gmt 0)

I'm beginning to think all those requests aren't even aimed at this website, but are aimed at the computer.

Do you mean that you've got several domains living on the same server, and your logs agglomerate all the different hosts into a single file? Can't you change that so each hostname is logged separately?

In any case, you shouldn't allow people to visit using the bare IP. Redirect to some chosen hostname, or block outright.


 9:57 pm on May 27, 2014 (gmt 0)

Actually, one site is heavily used, the other not so much. So I've never bothered to log them separately. I probably should, one of these days.

How exactly do I not allow people to visit the bare IP? I guess I know how to redirect a GET /apple-touch-icon.png, but how do I do a more general block?

Also, where are the root icons located?


 11:06 pm on May 27, 2014 (gmt 0)

"root" = same directory where you put your robots.txt, favicon.ico, and possibly htaccess if you've got one.

How exactly do I not allow people to visit the bare IP?

This is part of the general domain-name-canonicalization redirect. Exact wording will depend on your server type. In Apache it's a RewriteRule with accompanying RewriteCond looking at %{HTTP_HOST}.


 11:39 pm on May 27, 2014 (gmt 0)

Well, if people are trying to GET /apple-touch-icon.png, they sure aren't going into any of my root directories for my sites, where I keep all that other stuff (favicon, htaccess). My sites are organized by user names, as in mycomputer.com/~account1/mysite.html, and mycomputer.com/~account2/myothersite.html. Those sites reside in the folders ~account1/Sites and ~account2/Sites, which I guess you can call the root folders for each site.

I should have specified it, but this is Mac 10.6.8.

So when someone is trying to GET /apple-touch-icon.png on my machine, where exactly are they trying to get it from? From my / directory?


 12:37 am on May 28, 2014 (gmt 0)

which I guess you can call the root folders for each site

"root" = the directory that contains the index.html file that users see when they ask for the bare (sub)domain name.

where exactly are they trying to get it from? From my / directory?

Only you can answer that-- and then only if you first separate the logs so each hostname has its own file. Or set a logging level that shows the hostname as part of the log entry. (I don't speak Apache, so I would have to look up the terminology.)


 1:12 am on May 28, 2014 (gmt 0)

"root" = the directory that contains the system index.html file that users see when they ask for the bare (sub)domain name.

Aha! That's it. Thanks. It's in /Library/Webserver/Documents. That's where there is a blank favicon file, and also my index file (which basically says "No Access!". So that's the bare (sub)domain root directory.

Now that's where I need to put some kind of apple-touch-icon.png. Or I assume I can put a .htaccess there that shunts everyone trying to get anything there to my index file.

Of course, the other option is just to let these jerks who are trying to get the apple-touch-icon.png from my system web root directory continue to get 404'd. Doesn't bother me. Should it?

The vast number of GET /apple-touch-icon.png requests I saw this morning has dissipated (which is what I was originally asking about), and now I'm just getting one every once in a while. Would still be interesting to know what triggered that flood.

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / The Macintosh Webmaster
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved