
Is the url path '/#!' special or an exploit?

I am getting the path /#! requested regularly on my blog and I was wondering why this was (as it doesn't match any URL/resource on my blog). The user agent says it's always IE7 browsers which request this, but from multiple different IP addresses. I'm trying to work out if I can ignore this or if I need to do something about it. I specifically want to know the following:

  • Is it some kind of special URL for certain web browsers/web servers?
  • Is it connected to a specific exploit?

Can I just ignore it?

If it's relevant, the site is hosted in Windows Azure and running on MVC4.

asked Dec 27 '12 02:12

Not loved


2 Answers

It's a hash-bang URL. They're used by some AJAX web applications, like Facebook and Twitter. Google has some special treatment for them, to make normally uncrawlable AJAX sites crawlable.

However, if your site is not running an app that uses them, you shouldn't be seeing them. And you definitely shouldn't be seeing them on the server side, since the whole point is that everything following a # in a URL is a fragment identifier, and should be stripped off by the user agent before requesting the URL from the server.

Edit: If I had to guess what's requesting such URLs, I'd say it might be some buggy bot. The fact that it's apparently pretending to be IE suggests that it might not be up to anything good; maybe it's a spambot of some sort. Anyway, the requests as such are most likely harmless, and you can ignore them. If it makes you feel better, you could always set up a rewrite rule to explicitly reject them, something like:

RewriteRule \x23 - [F]

This should reject any requests for URLs containing the # character with a 403 Forbidden error.

answered Sep 29 '22 11:09

Ilmari Karonen
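
To see which clients are sending the fragment to the server, as the answer above describes, the access log can be filtered for request targets that contain a literal #. This is an added example, not part of the original answer; it assumes Apache-style combined log format, and the log lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format (assumed):
# ip ident user [time] "METHOD target PROTO" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

IE7_UA = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
FF_UA = "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    f'192.0.2.10 - - [27/Dec/2012:02:01:10 +0000] "GET /#! HTTP/1.1" 404 512 "-" "{IE7_UA}"',
    f'198.51.100.7 - - [27/Dec/2012:02:03:44 +0000] "GET /#! HTTP/1.1" 404 512 "-" "{IE7_UA}"',
    # %23 is an encoded '#': ordinary path data, not an unstripped fragment.
    f'203.0.113.5 - - [27/Dec/2012:02:04:02 +0000] "GET /posts/c%23-tips HTTP/1.1" 200 8120 "-" "{FF_UA}"',
    f'203.0.113.5 - - [27/Dec/2012:02:04:09 +0000] "GET / HTTP/1.1" 200 4096 "-" "{FF_UA}"',
    'truncated or malformed line',
]


def fragment_hits(lines):
    """Return (ip, target, status, ua) for requests whose target has a literal '#'."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue  # skip lines that do not parse instead of failing
        if "#" in m.group("target"):
            hits.append((m["ip"], m["target"], int(m["status"]), m["ua"]))
    return hits


def fragment_clients(lines):
    """Map each user-agent string to the sorted distinct IPs that sent a '#'."""
    by_ua = defaultdict(set)
    for ip, _target, _status, ua in fragment_hits(lines):
        by_ua[ua].add(ip)
    return {ua: sorted(ips) for ua, ips in by_ua.items()}


if __name__ == "__main__":
    for ua, ips in fragment_clients(SAMPLE_LOG).items():
        print(f"{len(ips)} distinct IPs sent a raw fragment as: {ua}")
```

One user-agent string shared across many unrelated IPs, all sending a fragment that a browser would have stripped, points to an automated client rather than real IE7 users.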


Well, # is a valid anchor that just means "the page". You can also make a '!' anchor, e.g.

<!-- some html here -->
<a href="#!">Click me!</a>
<!-- lots more html -->
<div id="!">
   Wooaaaah!
</div>

So my guess is that you can safely ignore it... but that's just a guess ;)

answered Sep 29 '22 09:09

Wayne Werner