Have you ever noticed during web page inspection, the favicon.ico error?
I’ve seen the missing favicon.ico many times in the past while inspecting some web page.
Today, while working on a custom pfsense/haproxy 503 custom page, I took notice again.
Come to find out, the browser is automatically requesting the favicon.ico (WHAT?)
Common solutions:
Here are common ways to address this:
1. Provide a Favicon File
The simplest and recommended solution is to make a small favicon.ico file available at the root of your web service(s). Once the browser successfully retrieves it, it will cache the file for future visits, eliminating repeat requests in your logs.
- Ensure the file exists: Create or place a small
favicon.icofile in the webroot (e.g.,/var/www/html/favicon.icoon a typical web server) of the backend server being proxied by pfSense HAProxy. - Set caching headers: Configure your backend web server (Apache, Nginx, etc.) to set long
ExpiresorCache-Controlheaders for the favicon file, so browsers store it for a month or two.
2. Configure HAProxy to Serve a Static File
For environments where you can’t easily modify the backend server, you can configure HAProxy in pfSense to serve the favicon itself.
- In HAProxy versions 2.2 and later (which recent pfSense versions use), you can use the
http-request returnaction to serve a static file from memory or disk. This can prevent the request from reaching the backend servers at all. - The general approach involves adding an ACL to match the
favicon.icorequest and then an action to return the file. However, this is an advanced configuration usually done in the “Global Advanced pass thru” custom options or the specific frontend/backend rules in the pfSense HAProxy package.
3. Suppress the Request via HTML (Client-Side)
If you have control over the HTML code of the pages being served, you can add a link tag in the <head> section of your HTML files using a data URI to prevent the browser from making a separate file request:
html
<link rel="icon" href="data:image/x-icon;," type="image/x-icon">
This embeds a minimal, empty icon directly in the HTML, though it may have compatibility issues with very old browsers or strict Content Security Policies (CSP).
4. Ignore the Errors
The browser behavior of requesting favicon.ico is standard. The 404 errors in your logs are often harmless and can simply be ignored or filtered out in your logging configuration if they are not causing functional problems.
The key is that HAProxy is not the one “looking for” the favicon, but is reporting that a client (browser) is requesting a resource that it cannot find or is not configured to handle properly.
I applied option #3 and error was removed!
