2

As part of filtering out potential harmful traffic, I currently reject traffic where $_SERVER["HTTP_ACCEPT"] is empty.

I notice from my logs that a fair number of requests have been rejected due to the accept header being empty and some of them come from valid IP traffic when requesting favicon.ico.

I currently block these favicon.ico requests with a "403 Forbidden" (I know I should probably use 406 Not Acceptable).

I do have a favicon.ico on my site. I am aware that favicon.ico "not found" errors are not seen by the user. Is it the same for me blocking these pages or will they see the 403 Forbidden page?

I would like to test this myself, but I do not know how to generate a page request with empty headers. Perhaps if someone has a way to do this as well, it will help.

Thanks for your input.

mseifert
  • 359
  • 1
  • 4
  • 12

2 Answers2

1

Is it the same for me blocking these pages or will they see the 403 Forbidden page?

Blocked images, including favicon, does not result in a 403 page being displayed. The image will simply not be displayed in the same fashion as if it was not found.

Chris S
  • 77,337
  • 11
  • 120
  • 212
  • Based on what I've read elsewhere, it seems that a browser won't treat a 400 (not found) and a 403 (forbidden) differently. So it makes sense that 403 responses would only block the image as that is what happens with a 400. I may just add a rule that if the accept header is empty and the page is /favicon.ico, don't reject. It would speed up things anyway. Thanks for the assurance. – mseifert Jan 16 '14 at 20:50
1

That's pretty easy with telnet.

You could do something like this: open a command prompt (Execute cmd on Windows) and type these three lines:

telnet www.yoursite.com 80
GET /favicon.ico HTTP/1.1
host: www.yoursite.com
  • Type twice for an output
  • Type Ctrl+C to return to command prompt

You will get a nice output with headers and html.

Tips for those of us who last used telnet a million years ago, or for nebies:

  • On Windows 7 you might have to first enable your telnet client or server, see here.

  • Then if you are only seeing Connecting To localhost... see this answer because telnet does not by default echo what you type.

Community
  • 1
SamK
  • 1,326
  • 3
  • 14
  • 28
  • Using Telnet, I do get the 403 Forbidden Page, which makes sense since that is the response I have set up. However, the question then is still the same, will the user actually see the 403 Forbidden Page message or, because it is for an image, does the browser just not display the image but display everything else? I hoping to create a test scenario similar to the one that created the situation shown in the log so I could see what a user sees. – mseifert Jan 16 '14 at 20:28
  • I have no idea. May try some Firefox addons like [Live HTTP Headers](https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/) or [Modify Headers](https://addons.mozilla.org/en-US/firefox/addon/modify-headers/) – SamK Jan 17 '14 at 00:56
  • I already tried and discovered that if the accept is empty, it defaults back to the standard. I tried non-standard codes etc, but I couldn't find a way to trick it. Thanks for the suggestions. – mseifert Jan 17 '14 at 02:56