Handling the favicon.ico file with Mozilla Firefox

About this task

Problem background:

The favicon.ico file is a small graphic icon that is used by some browsers (including Microsoft Internet Explorer and Mozilla Firefox) to enhance the display of address bar information and "favorites" bookmark lists. When requesting a resource, these browsers also try to locate the site's custom favicon.ico file.

There is a difference, however, in the way Internet Explorer and Mozilla Firefox decide when to request the favicon.ico file:

  • Internet Explorer requests favicon.ico only when the returned page is bookmarked.
  • Mozilla Firefox requests favicon.ico at the same time as the request for the page.

The request and response exchange between a Mozilla Firefox browser and a WebSEAL server can result in an HTTP 404 "Not found" message for the user when the favicon.ico does not exist.

In a protected WebSEAL environment, Mozilla Firefox's attempt to access the favicon.ico file triggers a login prompt. WebSEAL caches /favicon.ico as its "last requested URL." Once the user successfully logs in, WebSEAL redirects the request to this "last requested URL" location. The file (being non-existent in this example) is not found and a 404 "Not found" error is returned to the user. The originally requested page is never accessed because of the redirection process.

Solution:

The following steps solve this problem:

Procedure

  1. Place a favicon.ico file in the junction-root directory. You can access this directory from the Manage Reverse Proxy Management Root page of the LMI.
  2. Add a definition for the ico file format in the [content-mime-types] of the WebSEAL configuration file: 
    [content-mime-types] 
ico = image/x-icon
  3. Create an ACL that allows unauthenticated access to /favicon.ico. For example:
    pdadmin> acl show favicon
ACL name: favicon  
Description:
Entries:
   Any-other Tr
   Unauthenticated Tr
   User sec_master TcmdbsvaBRrl
  4. Attach this ACL explicitly to /favicon.ico or ensure that the unauthenticated permission is inherited to this point. For example:
    pdadmin> acl attach /WebSEAL/abc.ibm.com-default/favicon.ico favicon

Results

If you do not want to create and install a favicon.ico file, the problem can be solved by following steps 3 and 4 only. An ACL can be attached to an object space representation of a resource, even if the resource does not physically exist. Although the browser still does not find the file, the unauthenticated ACL prevents a login prompt. The browser handles the 404 error internally and proceeds to access the requested page.

Parent topic: Web server response configuration
Related concepts:
Static HTML server response pages
HTML server response page locations
HTML server response page modification
Account management page configuration
Error message page configuration
Adding custom headers to server response pages
Local response redirection
HTML redirection
Related tasks:
Configuring the location URL format in redirect responses
Related reference:
Multi-locale support for server responses