-- Search Engine Spider and User Agent Identification
---- Is this really a PlayStation 3
Ocean10000 - 2:03 am on Apr 5, 2008 (gmt 0)
I am in charge of monitoring a few websites. One of them gets a small number of mobile and alternate browser visits. So I am often trying to figure out if the browser is actually a human using some unknown browser or a new unknown bot trying to sneak on by.
One of these visitors is uses their PlayStation 3 to browse with. So my job was to figure out what criteria that would use to validate against to rule out a bot spoofing the PlayStation 3 to get in. The following is what I came up with.
The User-Agent in question "Mozilla/5.0 (PLAYSTATION 3; 1.00)"
The first checks done is to make sure the User-Agent matches "Mozilla/5.0 (PLAYSTATION 3; 1.00)" to activate the validation checks for this specific browser.
Once it is determined that the UA Matches a known custom test start processing the custom test items, which are the following for the PlayStation 3.
Must not include "Accept" Header. If "Accept" header is found then the browser is not a valid PlayStation 3.
This is unusual most major browsers and bots will always supply this header. It is one of the standard tests used by me to determine that a browser is a spoofer, is by checking if the "Accept" Header is not present. Which usually means it is a bot trying to hide using a well known User-Agent .
Must include "x-ps3-browser" Header. If "x-ps3-browser" Header is not present then the browser is not a valid PlayStation 3.
The "x-ps3-browser" Header must be in the following format "#.## (WP; system=#.##)" where the # signs are numeric digits. So if it does not match this mask then it is not a valid PlayStation 3.
Here are a few examples taken from my library to date. "1.30 (WP; system=1.32)" "1.70 (WP; system=1.70)" "1.80 (WP; system=1.81)" "1.90 (WP; system=1.90)" "2.10 (WP; system=2.10)"
Must include "Accept-Encoding" Header. If "Accept-Encoding" Header is not present then the browser is not a valid PlayStation 3. The Accept-Encoding" Header must be equal to "identity" and yes case does matter, it is always lower case. So if it doesn't equal "identity" then it is not a valid PlayStation 3.
Must include "Accept-Language" Header. If "Accept-Language" Header is not present then the browser is not a valid PlayStation 3.
Must include "Connection" Header. If "Connection" Header is not present then the browser is not a valid PlayStation 3.
If it has made it this far there is no further test that can be used exclude it from being a "PlayStation 3" based on supplied headers alone.