Hints & Tips

• Home
• Pictures
• PHP Scripts
• Hints & Tips
• Surviving Unexpected Power Outages
• Network UPS Tool Setup
• What I love

Here you will find some (hopefully) useful tips to overcome problems I've encountered over time. The advice is free and as with all things that are free there is no support if you cannot get it working.

Favicon

Those new to the web world may be looking at their webserver error logs and asking "What is that favicon.ico not found error that is filling my Error_log?" and "How do I get a custom icon next to my bookmark link in Internet Explorer?" These may sound like unrelated questions, yet both can be answered at the same time.

First off no one is hacking into your site, adding mysterious little snippets for your error logs to report as missing. The "favicon.ico not found" that you see in your error logs is actually the browser at work. Browsers automatically look for a file it thinks you should have whenever someone creates a bookmark or a shortcut to a page on your site. Those custom icons are the favicon.ico that browsers are so diligently searching for. In addition to appearing in the Favorites menu, the favicon.ico replaces the default browser icon in the Address bar at the top of the browser. All right, mystery solved, but what can you do about it?

The easiest way to get your server to stop reporting the file as not found is to put it on your server. As a bonus, your site will then have that cool little custom icon! You'll notice my site has a cool little mini version of the picture on my home page. How did I do this? I used Favicons from Pics, these guys will create icons for your web pages for free. Go ahead and try it.

Secure PHP Includes

Most people give their include files a different extension e.g. common.inc or global.inc. This is a good common practice although it could lead to major security issues.

When a server error occurrs it spits out which line it occurred on and revealed some of the text where the error occurred near. This text happened to be a common.inc file revealing some critical information. If you take this file and append to your url - it reveals the source code. An Include(.inc) file isn't parsed by the server correctly unless configured by your administrator. This isn't the case normally so the server will just try it like a .txt file.

There are a few different solutions to this security issue. If you are using Apache there is a very simple solution simply add the following to either your httpd.conf or .htaccess file:

	<Files "*.inc">
	Deny from all
	</Files>

Now if someone tries to access an inc file directly in your browser it will be denied access however your file will still be included.