homepage Welcome to WebmasterWorld Guest from 54.166.255.168
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Blocking old versions of MSIE
revrob

5+ Year Member



 
Msg#: 4535977 posted 7:26 pm on Jan 14, 2013 (gmt 0)

I have had an .htaccess rule for a couple of years now, that blocks old versions of MSIE and thereby blocks a number of unwanted visitors. But now that MSIE v10 is around, it seems to be caught by this rule - I'd be grateful if anyone could advise me how it should be constructed to avoid blocking MSIE v10. At the moment I have just hashed it out.

RewriteCond %{HTTP_USER_AGENT} ^MSIE.[1-6]\.* [OR]
RewriteCond %{HTTP_USER_AGENT} .*MSIE.[1-6]\.* [OR]

Many thanks.

 

g1smd

WebmasterWorld Senior Member g1smd us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4535977 posted 7:34 pm on Jan 14, 2013 (gmt 0)

^MSIE.[1-6]\.*

matches literal MSIE

followed by ANY SINGLE CHARACTER

followed by a SINGLE DIGIT 1 to 6

followed by zero or more PERIODS

followed by ANYTHING.

It matches

MSIET4.
MSIEX6.......

and many other things it should not.

. means ANY character

\. means a literal period

* means zero or more times.

\.* means something different to .*

Never use .* at the beginning or in the middle of a RegEx pattern.

\.* is always an error.

revrob

5+ Year Member



 
Msg#: 4535977 posted 8:33 pm on Jan 14, 2013 (gmt 0)

Thank you - that seems to negate most of that string except for the [1-6] section, but I can't seem to work out a format that doesn't block a useragent with MSIE 10.0 in it. How can I confine the block to very old versions 1-6 only please?

Many thanks.

g1smd

WebmasterWorld Senior Member g1smd us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4535977 posted 8:48 pm on Jan 14, 2013 (gmt 0)

What is the \.* bit MEANT to match?

It actually matches <nothing> or . or .. or ...

When it matches NOTHING, then any digits that follow after will match.

1\.*0 matches 1.0 and 1....0 and 10

1\.* matches the same stuff with ANYTHING in place of the 0.

The * is the problem. Delete it.

Additionally, the period before [1-6] is another problem as it matches ANYTHING once.

revrob

5+ Year Member



 
Msg#: 4535977 posted 9:10 pm on Jan 14, 2013 (gmt 0)

That's done the trick - thank you. I've tested with a MSIE 10 user agent and it isn't blocked.

g1smd

WebmasterWorld Senior Member g1smd us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4535977 posted 9:21 pm on Jan 14, 2013 (gmt 0)

Those patterns still have a LOT of other issues.

Unless you work out exactly what should and should not match, and adjust the patterns to suit, you'll be back here again and again as each new thing goes wrong.

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4535977 posted 9:33 pm on Jan 14, 2013 (gmt 0)

Whoops! Forgot to refresh tab before posting. Redundant post follows:

Didn't wilderness have a post just a few days ago asking the same question?

The final asterisk effectively destroys the rule because it makes the period optional in exactly the place where you need it to be mandatory:
MSIE\ [1-6]\.
and that's all.

The leading anchor kills the rule in a different way, because "MSIE" never comes at the very beginning of a UA string. Well, except for the occasional robot.

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4535977 posted 10:49 pm on Jan 14, 2013 (gmt 0)

Didn't wilderness have a post just a few days ago asking the same question?


Except I've no interest in allowing any versions of IE prior to 6.0, or after 10.0 (the current version.

To do so would open the door to malformed UA's.

Why allow anything past 10.0 if MS doesn't even have a newer version on the board?

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4535977 posted 2:14 am on Jan 15, 2013 (gmt 0)

Hm, right, we're not talking Chrome or FF here ;)

:: detour to raw logs ::

Lord! What a boring UA. Every last one ends in .0; (dot, zero, semicolon) leading to single space* and more stuff.

I limited my search to requests that got through with a 200. So if there are any other numbering formats, they're strictly in Bad-Robot-Land and need not concern us. There were definitely non-zero versions of 5-- the last Mac version was 5.23, but I only use it to test my own lockouts ;) If you ever meet a 4.01 it will be part of a costume worn by unfashionable Russian robots.

So that's

MSIE\ ([6-9]|10)\.0;

My own [1-4]\. was for unconditional denial, so the fewer details the better. It's only with 5 and 6 that I make judgment calls, and that's getting into YMMV territory. I can probably dump the 5; I think even Iqaluit has finally upgraded the last of theirs to 7 or 8.


* Except the plainclothes MSNbot, which likes double spaces.

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4535977 posted 3:32 am on Jan 15, 2013 (gmt 0)

MSIE\ ([6-9]|10)\.0;


not quite and this is only the MSIE portion of multiple lines that checks browsers.

MSIE\ ([6-9]|10)\.[0-9];

I suppose the version portion should be modifed even further to only include the current version (s) of 10.

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4535977 posted 10:04 pm on Jan 15, 2013 (gmt 0)

If they go to multiple versions I hope they warn us. That was my surprising discovery in the previous post: In MSIE 6 and up there are no version numbers. It's all point zero. At least in the UA string, which may be entirely different from what you see in your "About MSIE" box.

Happily we're now in 10 so it's an easy toggle: either [7-9]\.0; or 10\.whatever-it-turns-out-to-be. I doubt you'll ever get those strings of multiple decimal-delimited sets from browsers that think their UA string is a CIDR ;)

Chrome/23.0.1271.97 Safari/537.11
...
Chrome/12.0.742 Safari/534.51


I grabbed the oldest and newest available raw log files. So Chrome has not only jumped forward some 10-to-15 versions, they've added a digit in the UA. Safari itself appears to use 3 sets of numbers when it appears in its own right, 2 when it's part of the Chrome UA string.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved