While logging HTTP requests to a file I have found something I would not expect.
I just put in the log the $_SERVER['REQUEST_URI'].
Guess what I have found, an url with #fragment attached:
18/05: requested cat/page.html#fragment
Note out of 2477 line of logs I found only one line with fragment attached
Everyone know (should) that fragment is never known server-side but only javascript code can get it. So what is happening here?
I am running PHP 5.3 on Apache 2.X (Debian).
分享 Your assertion that "fragment is never known server-side but only javascript code can get it" is a little short-sighted.
Whilst it's true that, in general operation with a conventional browser, a fragment is not included in the request-to-server, there is nothing stopping me from writing whatever I want in an HTTP request.
echo "GET /lol/werent/expecting/this#were_you HTTP/1.1" > /dev/tcp/yourwebsite.com/80
Someone's testing, someone's playing, someone's playing a bizarre hack attempt, or someone's using a buggy browser.
I wouldn't worry about it.
分享
