[geeklog-devel] Geeklog and 404 Errors
websitemaster at cogeco.net
Fri Jan 4 20:37:57 EST 2013
I will wait a few days to see if anyone else has anything to add before
putting in the feature request.
As Vinny said the 404.php page should use much of the same code as possible
with the new function. I will also mention in the request to add a config
option to enable a 404.log file (or should this go in the error log?) since
it would be nice to know if anyone is trying to access pages that do not
From: geeklog-devel-bounces at lists.geeklog.net
[mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Dirk Haun
Sent: January-04-13 4:53 PM
To: Geeklog Development
Subject: Re: [geeklog-devel] Geeklog and 404 Errors
> 1) If the id of the item exists or not (staticpage, article, topic,
> comment, etc) and if they have access to it or not. Right now the
> message tells the user the item either doesn't exist or they do not have
> Basically we are telling them it is a 404 or 403. The problem is when
> search engines find these type of links they do not realize it is a
> 404 or 403 and proceed to index the page. I still think we should set
> a 404 error and have a general message (like how 404.php works)
> stating that the page doesn't exist or that they may not have access
> and then point them to the home page or search page. A 404 error gives
them less information that a 403 error.
Let's see: A 404 would be an improvement over the current situation. And
that includes the situations where a 403 would be more appropriate. A
malicious user trying to gather whatever information that way would still
not be able to tell the difference between "doesn't exist" and "not
allowed". A bot would never be able to access a 403'd page anyway, so we
might as well tell them that the page doesn't exist.
In other words, if we always send a 404 instead of always redirecting to the
front page (for non-existing items), we would improve things and still not
give any information away. Right?
> 2) Going over the page limits for things like comments and topics. I
> think this one is relatively straight forward and we should return a 404.
I had a quick look through the list of HTTP status codes to see if there's
anything that would be more appropriate but I don't see anything (some come
close, but refer to specific HTTP header fields which we don't use).
So: What Vinny said.
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
More information about the geeklog-devel