Welcome to WebmasterWorld Guest from 34.236.171.181

Forum Moderators: Ocean10000 & phranque

Message Too Old, No Replies

Java/1.4.1_04

ReWriteCond question.

     
3:43 am on Jan 18, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 27, 2002
posts:1685
votes: 0


80.218.**.*** - - [17/Jan/2004:09:30:05 -0800] "GET / HTTP/1.1" 403 262 "-" "Java/1.4.1_04"
80.218.**.*** - - [17/Jan/2004:09:30:06 -0800] "GET /403.html HTTP/1.1" 200 480 "-" "Java/1.4.1_04"

If I'm looking at this correctly, the first request was fed a 403 that only took 262 of the 480 available bytes.

Now, the second request asked for the 403 file and was fed a 200 code, thus taking the entire 480 bytes.

RewriteCond %{HTTP_USER_AGENT} Java1 [NC,OR]

I don't understand why this user 'asked' specifically for the 403.html just after being denied access, in the first place?

Is the ability to pull this file with a UA that is banned, cause for furthur concern, or is the 403.html file itself excused?

Thanks.

5:22 am on Jan 18, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


pendanticist,

It is usual practice to allow everybody - good and bad - to fetch your robots.txt and your custom 403-Forbidden error page if you have one. Otherwise, there are certain cases where robots.txt has a disallow backed up by a stronger blocking in .htaccess. Some undesirable UA comes in, gets a 403 response on robots.txt, and then gets a 403 on the 403 page itself. This is 'bad internet protocol' and might even lead to an infinite request loop, so most properly written 'security' code allows open access to error pages and robots.txt.

Jim

8:59 pm on Jan 20, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 27, 2002
posts:1685
votes: 0


I see. Then it was an intentional request and they were fed just what they were supposed to get...the 403.html file.

Will updating my coding to xhtml cause me any problems, in this or any other way?

9:57 pm on Jan 20, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


Actully, I don't know.

Personally, I would use html for all error handling. This minimizes the chances of any problems with older client software, and you don't really need the added capabilities for this kind of stuff anyway -- I'd go with the KISS principle for error-handling.

Jim

1:42 am on Jan 21, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 27, 2002
posts:1685
votes: 0


Guess that means I stay at 4.0 for awhile longer...
2:12 am on Jan 21, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


Just for error handlers. Do whatever you want with the 'big stuff'. Just keep your error pages 'universally accessible'.

Jim

4:07 am on Jan 21, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 27, 2002
posts:1685
votes: 0


That's what I'm saying. They are part and parcel of one another within the context of my question.

I suppose I could do it, but that one lone closing tag which can NOT be closed might stick out. Gonna take some testing, but the last time I installed Opera I had fits.

I've since uninstalled it because to this day, using newest IE, if I go to View > Toolbars and deselect McAffee, my Google Toolbar goes away. If I set the toolbar to deselect Google, McAffee goes away. Select Google, McAffee appears. Select McAffee, Google Appears. <Yikes!>

However, I can do all that multi-browser testing on the server [webmasterworld.com...] once I've got it all set up. Then again, I just remembered that using <Font> renders IE great, but without those H1 tags, the viewer has to render the text size DOWN to get the same results IE does. I thought to correct that, I'd have to update my code.

Won't matter what Opera does and I can address any browser issues there. That way I won't have to clutter up this machine.

Thanks, Jim. :)