[geeklog-devel] Geeklog and 404 Errors

Dirk Haun dirk at haun-online.de
Fri Jan 4 12:50:02 EST 2013

Rouslan Placella wrote:

> Dirk, that's physically missing pages you're talking about (e.g: http://geeklog.net/nonexistent.php). For logically missing pages, Tom is right about sending the 404 header from gl (http://geeklog.net/article.php?id=nonexistent), the webserver won't send an error, since the page does actually exist…

Right. I was only addressing the question about the 404.php - hadn't really thought through the other aspect yet.

Geeklog already sends the proper HTTP status codes where appropriate (e.g. 403, 500), so sending a 404 when calling up an item that does not exist sounds sensible.

I think the main reason why we're not doing it yet was the concern that it may give away information. Strictly speaking, if you don't have the rights to read an article, you should get a 403 but if it does not exist, you should get a 404. In both cases, we currently redirect the user to the front page so as not to give away the information "this article exists but you are not allowed to read it".

Given that we're The Secure CMS, we should at least think this through before we change it.

bye, Dirk


More information about the geeklog-devel mailing list