Stopping favicon 404 spam in Apache error logs

Favicons display many elements of the dark, early days of the Internet. Typically a 16×16 pixel image in ICO format (wtf is that?), they were introduced back in 1999 with Internet Explorer 5. More recently mobile browsers have followed in this unholy tradition by introducing more favicon files, bringing the list of files needing to be created / handled to:

  • favicon.ico
  • apple-touch-icon-precomposed.png
  • apple-touch-icon.png

Whilst they do provide a nice little visual logo space for your website or company, you may sometimes think they aren’t worth the bother. One unexpected problem: An Apache error log full of 404 errors from web browsers trying to locate /favicon.ico, /apple-touch-icon-precomposed.png and /apple-touch-icon.png files in your website’s root directory.

A simple way to prevent this is to add the following code to your apache virtualhost configuration:

Redirect 404 /favicon.ico

<Location /favicon.ico>
    ErrorDocument 404 "favicon does not exist"
</Location>

Redirect 404 /apple-touch-icon-precomposed.png

<Location /apple-touch-icon-precomposed.png>
    ErrorDocument 404 "apple-touch-icon-precomposed does not exist"
</Location>

Redirect 404 /apple-touch-icon.png

<Location /apple-touch-icon.png>
    ErrorDocument 404 "apple-touch-icon does not exist"
</Location>

Whilst this solution seems the most technically correct, it still means your server is going to be hit with constant 404 requests for the non-existant files on every page and frame load, although thankfully they should no longer be clogging up error logs. A more pragmatic approach is to create 3 blank files, 1 in ICO format and 2 in PNG format, placing them in your website’s root public directory as favicon.ico, apple-touch-icon-precomposed.png and apple-touch-icon.png. A good tip is to set the Expires header to sometime in the distant future to avoid any further favicon requests.

You will also need to add the following code to your page:

<link rel="shortcut icon" href="#" />

Now finally you can live in peace from bombardment of favicon requests …until browser makers start adding new favicon types.

Advertisements

libssh2 vs phpseclib

As tempting as it can be to make use of the simple include library which is phpseclib, it is better (if possible) to install the libssh2 module. Libssh2 it grants PHP access to your system’s OpenSSL implementation rather than relying on phpseclib’s own version which is reason alone to use libssh2 despite phpseclib being undeniably more portable, faster and offering enhanced debug facilities (there’s nothing to stop you switching to phpseclib purely to debug pesky issues or writing code first in phpseclib then porting to libssh2).

Whilst OpenSSL has come under attack recently with exploits such as Heartbleed, it remains one of the best tested and trusted security suites around. Major exploit discoveries like Heartbleed and Shellshock (with its openSSH attack vector) demonstrate the need for systems to be patched as soon as possible.

By using libssh2, any patch to the system’s OpenSSL implementation will be automatically applied to your PHP applications. On a related note, unattended-upgrades / yum-cron should always be enabled to ensure you are patched against exploits as they are released with a seemingly increasing regularity.

On a Ubuntu / Debian libssh2 can be installed via the command:

sudo apt-get install libssh2-php

On Red Hat based systems, use:

yum install libssh2

You then need to add the module to your php.ini file with the following line (place it after all the other extension loading calls):

extension=ssh2.so

Then finally restart apache.

In Javascript, the “equal and of the same type” definition only applies to values

The colloquial definition of === is “equal and of the same type” however this is only true for values. For objects, both x == y and x === y comparison will return false even if the x & y objects are identical in every way, it will only return true if x & y are both references to the same object. In the case of == this can be overridden with the use of a toString() / valueOf() functions, but not ===.

The actual definition of equality operators is that == tests for “loose equality” and === tests for “strict equality”. This rather ambiguous definition gives opening to the strange and somewhat inconsistent results which can arise during intricate equality comparisons.

The Mozilla Developer Network has a good rundown on how this loose comparison works out.

Doctrine not autoloading classes even when they exist

Using doctrine with silex is a great way to combine the power of a good ORM with the efficiency of a micro-framework, however doctrine – well-known for its step learning curve – can be even more frustrating for new users when used outside of the big well-integrated frameworks (e.g. Symfony & Zend.

One problem in particular can be with autoloading. First namespaces need to be taken care of, with a matching directory structure. The doctrine documentation helps with this.

An error which can be particularly troublesome is:

{"statusCode":500,"message":"Class 'SomeClass' does not exist"}

Even after creating the class and placing it in the correct place.

If you using composer, you may simply need to run “composer update” from the command line (wherever the project’s composer.json file is located) to reload the autoloading classes. Until this is done doctrine just won’t be able to see the file and will keep on complaining that it does not exist, even though it does.

Also, remember autoloading is case-sensitive so make sure you have this correct and that there aren’t old copies of wrongly cased files in the same directory.