Pfui - 4:20 pm on Feb 3, 2012 (gmt 0)
FWIW: Here's an update re Facebook's UAs and fondness for traversing directories via the attack-typical /../ route. [en.wikipedia.org...]
1.) A legit visitor first used this torturous, Fb-related UA to hit a single .html page and its nine graphics:
Mozilla/5.0 (iPhone; U; CPU iPhone OS 5_0_1 like Mac OS X; en_US) AppleWebKit (KHTML, like Gecko) Mobile [FBAN/FBForIPhone;FBAV/4.1;FBBV/4100.0;FBDV/iPhone4,1;FBMD/iPhone;FBSN/iPhone OS;FBSV/5.0.1;FBSS/2; FBCR/AT&T;FBID/phone;FBLC/en_US;FBSF/2.0]
2.) Then they/Fb switched to a SECOND UA to re-hit the same page:
Facebook 4100.0 (iPhone; iPhone OS 5.0.1; en_US)
3.) Then they/Fb used a THIRD UA to re-hit the same graphics, this time using /../:
Facebook/4100.0 CFNetwork/548.0.4 Darwin/11.0.0
The latter generated 400s (Bad Request) for every re-hit graphic. Not 403s per my /../ blocks, but 400s:
"GET /../dir/file.gif HTTP/1.1" 400 293 "-" "Facebook/4100.0 CFNetwork/548.0.4 Darwin/11.0.0"
The person was probably looking to include a link to the page in a post or message. But nine 400s in eight seconds is not someone clicking through images to pick a corresponding graphic.
It's Fb messing up.
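The 400-vs-403 distinction above has a mechanical explanation that is useful when triaging logs like these: Apache rejects a request target whose path climbs above the document root (a leading "/../") with 400 Bad Request while parsing the request line, before mod_rewrite or any deny rule gets to see it, so a "/../" block only ever produces 403s for requests whose dot-segments stay inside the root. The following is an added example, not code from the post or from Facebook's client, that normalises request paths with that rule, pulls "/../" requests out of Apache combined-format log lines, and flags a burst like the nine hits in eight seconds described above. Every log line in it is constructed for the example (the IPs are documentation-range addresses, the scanner UA is made up); only the Facebook CFNetwork user agent string is the one quoted in the post.

```python
"""Added example (not part of the original post): find /../ traversal
requests in Apache combined-format access logs, normalise the path the
way a server does, and flag rapid bursts from one client/UA pair.

All log lines below are constructed; the CFNetwork UA is the one the
post quotes.  Run stand-alone: python3 this_file.py
"""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def remove_dot_segments(path):
    """Dot-segment removal in the spirit of RFC 3986 5.2.4, plus one extra
    return value: whether a '..' tried to climb above the root.  That is
    the case Apache answers with 400 during request parsing, before a
    rewrite/deny rule can produce a 403.  Percent-encoding is decoded
    first so '%2e%2e' is treated like '..'."""
    segs = unquote(path).split("/")[1:]          # drop the '' before the root slash
    out, escaped = [], False
    for seg in segs:
        if seg == "..":
            if out:
                out.pop()
            else:
                escaped = True                   # nothing left to pop: above root
        elif seg != ".":
            out.append(seg)
    if segs and segs[-1] in (".", ".."):
        out.append("")                           # keep the trailing slash RFC 3986 produces
    return "/" + "/".join(out), escaped


def parse(line):
    """One combined-log line -> dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    raw_path = rec["target"].split("?", 1)[0]
    rec["has_dotdot"] = ".." in unquote(raw_path).split("/")
    rec["path"], rec["escaped_root"] = remove_dot_segments(raw_path)
    return rec


def traversal_hits(lines):
    """Parsed records whose request path contained a '..' segment."""
    return [rec for rec in map(parse, lines) if rec and rec["has_dotdot"]]


def bursts(hits, min_count=5, window_s=10):
    """Group hits by (ip, ua); return {(ip, ua): n} for any pair with at
    least min_count hits inside a window_s-second sliding window.  Nine
    requests in eight seconds is a client library looping, not a person."""
    by_client = defaultdict(list)
    for rec in hits:
        by_client[(rec["ip"], rec["ua"])].append(rec["ts"])
    found = {}
    for key, stamps in by_client.items():
        stamps.sort()
        best, i = 0, 0
        for j, t in enumerate(stamps):
            while (t - stamps[i]).total_seconds() > window_s:
                i += 1
            best = max(best, j - i + 1)
        if best >= min_count:
            found[key] = best
    return found


def summarize(lines):
    hits = traversal_hits(lines)
    by_status = defaultdict(int)
    for rec in hits:
        by_status[rec["status"]] += 1
    return {"hits": len(hits),
            "escaped_root": sum(1 for r in hits if r["escaped_root"]),
            "by_status": dict(by_status),
            "bursts": bursts(hits)}


FB_UA = "Facebook/4100.0 CFNetwork/548.0.4 Darwin/11.0.0"   # from the post
SAMPLE_LOG = [
    # constructed: the ordinary page view that preceded the burst
    '192.0.2.10 - - [03/Feb/2012:16:19:52 +0000] "GET /dir/page.html HTTP/1.1" '
    '200 5120 "-" "Facebook 4100.0 (iPhone; iPhone OS 5.0.1; en_US)"',
] + [
    # constructed: nine /../ re-hits in eight seconds, each answered 400
    f'192.0.2.10 - - [03/Feb/2012:16:20:{s:02d} +0000] "GET /../dir/file{s}.gif HTTP/1.1" '
    f'400 293 "-" "{FB_UA}"'
    for s in range(9)
] + [
    # constructed: a different client whose /../ stays inside the docroot,
    # so the server normalises it and the deny rule answers 403 instead
    '198.51.100.7 - - [03/Feb/2012:16:25:01 +0000] "GET /dir/../other.gif HTTP/1.1" '
    '403 199 "-" "Mozilla/5.0 (compatible; example-scanner)"',
]

if __name__ == "__main__":
    for k, v in summarize(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```

Reading the summary for the constructed log: the nine CFNetwork requests all count as `escaped_root` and all carry the 400 the server gave them, the lone "/dir/../other.gif" request normalises to a path inside the root and so is the only one a "/../" deny rule could have turned into a 403, and the burst detector names the (IP, UA) pair behind the nine-in-eight-seconds pattern. When adapting this to real logs, be aware that `unquote` decodes the whole path before splitting, which is stricter than Apache's default handling of encoded slashes; that is deliberate for detection, but it means the normalised path here can differ from what the server actually resolved.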