On Wed, Oct 06, 2004 at 11:43:21AM +0200, Jasper Filon wrote: > I have a little issue with the favicon file. My www root is password > protected. But i also have a /public directory, which can be accessed by > everyone. However, when someone opens a picture in his webbrowser by > opening "www.mydomain.com/public/pictures/picture.jpg", he or she gets a > login-dialog, because the browser tries to open > "www.mydomain.com/favicon.ico", which is a restricted directory. Does > anybody knows how to tell apache to simpy send a 404 (page not found) > instead of requiring username/password? Offcourse, i can create a > favicon.ico file and give the world read-access on that file, but there > must be a easier way to do this?
There's a meta setting you can use to specify an alternate location for
favicon.ico, but that's not so useful if you're pointing people directly at
things like images. I'd consider it a bit of a bug for a browser to pop up
an auth dialog for favicon.ico, but I guess you've got an uphill battle to
fix that in every browser.
The quick Apache fix would be to create a Location stanza for favicon.ico,
like so:
<Location /favicon.ico>
order allow,deny
deny from all
</Location>
which would give anyone who comes near it an (I think) 403 response code.
- Matt
signature.asc
Description: Digital signature
