Grow your CSS skills. Land your dream job.

Last updated on:

Force Favicon Requests to Correct Location

For whatever crazy reason, perhaps evil-doing site scanners, requets to a web server for a favicon in all known crevasses of the site are fairly common. Since that file probably only actually exists in the root directory of your site, these requests result in a 404. If you server up a fancy, user-friendly 404 page, this can add up to a ton of bandwidth for no good reason.

This code will make those requests serve up the real favicon instead, saving bandwidth:

# REDIRECT FAVICON.ICO
<ifmodule mod_rewrite.c>
RewriteCond %{REQUEST_URI} !^/favicon\.ico [NC]
RewriteCond %{REQUEST_URI} favicon\.ico    [NC]
RewriteRule (.*) http://css-tricks.com/favicon.ico [R=301,L]
</ifmodule>

Another common one is requests for a file called ajax-loader.gif, probably evil scanning looking for poorly made ajax applications in which to exploit. Make sure that file really does exist and force all requets for it to that real location.

# REDIRECT AJAX-LOADER
<ifmodule mod_rewrite.c>
RewriteCond %{REQUEST_URI} !^/images/ajax\-loader\.gif [NC]
RewriteCond %{REQUEST_URI} ajax\-loader\.gif           [NC]
RewriteRule (.*) http://css-tricks.com/images/ajax-loader.gif [R=301,L]
</ifmodule>

Comments

  1. An alternative is to just die() out if your 404 page detects the request is for ‘favicon.ico’.

  2. Something very beautiful Thank you for offering distinctive .

  3. Sylenix
    Permalink to comment#

    Hi Chris!

    Thanks very much for this snippet. I was able to solve that YSlow bug for favicon because of this.

    Thanks a lot!

Leave a Comment

Posting Code

Markdown is supported in the comment area, so you can write inline code in backticks like `this` or multiline blocks of code in in triple backtick fences like ```this```. You don't need to escape code in backticks, Markdown does that for you.

Sadly, it's kind of broken. WordPress only accepts a subset of HTML in comments, which makes sense, because certainly some HTML can't be allowed, like <script> tags. But this stripping happens before the comment is processed by Markdown (via Jetpack). It seems to me that would be reversed, because after Markdown processes code in backticks, it's escaped, thus safe. If you think you can fix this issue, get in touch!

If you need to make sure the code (typically HTML) you post absolutely posts correctly, escape it and put it within <pre><code> tags.

Current ye@r *

*May or may not contain any actual "CSS" or "Tricks".