Apache redirect of users without UA?

         

JAB Creations

11:30 pm on Jul 21, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I have about 3% of my traffic not declaring any UA of any type (in the access logs "-" "-").

I'd like to block these as it does not help me test programs for compatibility if I am unaware what they are in the first place.

JAB Creations

12:36 am on Jul 22, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Only using Netscape as the school's computers have limited options and no install permissions...


SetEnvIf User-Agent "Netscape" Netscape

# <Files> matches the file name only, not a path, so no directory prefix here
<Files error-403.htm>
order allow,deny
allow from all
</Files>

deny from env=Netscape

Now how would I be able to (on my home pc without retardation issues) block AND test a useragent with "-" "-" (does not declare a UA)?

jdMorgan

1:49 am on Jul 22, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I'm not sure what you're trying to accomplish here, and I certainly can't recommend that you block blank user-agents, especially if you're not sure what they are; for example, you'll block all AOL users if you just block by blank UA, because the AOL caching proxy system does not provide a user-agent header.

That said, here's a snippet of relatively 'safe' code for mod_rewrite, which you might be able to adapt to the mod_access method you're using:


# BLOCK *Faked* blank referer -OR- UA (malicious agents supply a literal hyphen as UA string)
RewriteCond %{HTTP_REFERER}<->%{HTTP_USER_AGENT} ^-<->¦<->-$
RewriteRule .* - [F]
#
# BLOCK blank referer -AND- UA except for HEAD and favicon requests
RewriteCond $1 !^favicon\.ico$
RewriteCond %{REQUEST_METHOD} !^HEAD$
RewriteCond %{HTTP_REFERER}<->%{HTTP_USER_AGENT} ^<->$
RewriteRule (.*) - [F]

Note that the "<->" string is arbitrary; although it implies concatenation, it is used only to demarcate the boundary between two strings. This allows two variables to be tested simultaneously in one RewriteCond while identifying the boundary between them.

Replace the broken pipe "¦" characters with solid pipes from your keyboard before use; posting on this board modifies them.

You can test with Firefox and the "User-agent switcher" extension, or use an online resource like WannaBrowser.

Jim

JAB Creations

6:26 am on Jul 22, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Rock on JD! Thanks! It works perfectly and I'm setting up separate 403 error pages for IPs, UAs, and the classic naturally 403ed types of forbidden...ness?

My only question...

Since this may affect people who aren't actually doing anything wrong I have set up a contact form in order to deal with issues as they come along and help me learn from what I'm doing, etc.

For both my own troubleshooting and for the sake of the user how would I allow one additional page to be accessed? Let's call this file "error-403-ua-error.php".

RewriteRule (.*) error/error-403-ua.php [L]

I know that tidbit rewrites that file instead of the requested... is there a chance that Apache can be set to overlook this rule when we specify a specific file in this instance?

Giving you credit on my home/history page for your help! Thanks again!

jdMorgan

2:21 pm on Jul 22, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



For the simple method to exclude pages from a rewrite, see this recent thread: [webmasterworld.com...]

You can also add a rule ahead of the code to skip over the code under certain circumstances, such as an error page being requested.


# Skip all subsequent rules if robots.txt or 403 page requested
RewriteRule ^robots\.txt$ - [L]
RewriteRule ^403_page\.html$ - [L]
#
# BLOCK *Faked* blank referer -OR- UA (malicious agents supply a literal hyphen as UA string)
RewriteCond %{HTTP_REFERER}<->%{HTTP_USER_AGENT} ^-<->¦<->-$
RewriteRule .* - [F]
#
# BLOCK blank referer -AND- UA except for HEAD and favicon requests
RewriteCond $1 !^favicon\.ico$
RewriteCond %{REQUEST_METHOD} !^HEAD$
RewriteCond %{HTTP_REFERER}<->%{HTTP_USER_AGENT} ^<->$
RewriteRule (.*) - [F]

Jim
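An offline model of the rules posted above, added here as an example and not part of either poster's code: it applies the same patterns (solid pipes restored) to constructed requests so you can see which ones get a 403 before deploying. The function name `decide` and every sample request are assumptions made for illustration.

```python
import re

SEP = "<->"  # arbitrary boundary marker, as in the posted rules

# Patterns taken from the posted rules, with solid pipes restored.
SKIP = [re.compile(r"^robots\.txt$"), re.compile(r"^403_page\.html$")]
FAKED = re.compile(r"^-<->|<->-$")
BLANK = re.compile(r"^<->$")


def decide(path, method="GET", referer=None, user_agent=None):
    """Return 'skip', 'forbid-faked', 'forbid-blank' or 'pass'.

    path is in per-directory form (no leading slash), as .htaccess rules
    see it. A header that was not sent (None) expands to an empty string.
    """
    if any(p.search(path) for p in SKIP):
        return "skip"                  # [L] ends processing, nothing blocked
    test = (referer or "") + SEP + (user_agent or "")
    if FAKED.search(test):
        return "forbid-faked"          # a literal "-" was sent as a header
    exempt = path == "favicon.ico" or method == "HEAD"
    if not exempt and BLANK.search(test):
        return "forbid-blank"          # Referer and User-Agent both absent
    return "pass"


# Constructed sample requests: (path, method, referer, user_agent)
SAMPLES = [
    ("index.html", "GET", None, None),
    ("index.html", "HEAD", None, None),
    ("favicon.ico", "GET", None, None),
    ("index.html", "GET", "-", "Mozilla/5.0"),
    ("index.html", "GET", None, "-"),
    ("index.html", "GET", None, "Mozilla/4.0 (compatible; MSIE 6.0)"),
    ("index.html", "GET", "http://www.example.com/", None),
    ("403_page.html", "GET", None, "-"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{decide(*sample):13} {sample}")
```

A missing header and a literal hyphen both appear as "-" in the access log, but only the model's `None` case corresponds to the empty string the second rule tests for.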

JAB Creations

11:34 pm on Jul 22, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



How could we use this to redirect MSIE users with a UA less than 5.5?

In other words if the user has MSIE 5.5 and higher nothing happens, but if they have 5.499999999999 or lower they get redirected. Still playing with that in combination...

Also, env strings can only have one numerical value? For example this does not seem to work...

SetEnvIf User-Agent "MSIE 5.0" MSIE50
SetEnvIf User-Agent "MSIE 5.1" MSIE51

jdMorgan

2:27 am on Jul 23, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I'm not sure about the problem with your MSIE5.0 SetEnvIf -- It would be useful if you could experiment and report your findings here. It may be that variable names need to be all-alpha characters or that spaces need to be escaped... something like that.

In general, you want to look for MSIE. Then if it is MSIE 5.5 or above, don't do anything. So a mod_rewrite using a regular-expressions compare might look something like:


RewriteCond %{HTTP_USER_AGENT} MSIE
RewriteCond %{HTTP_USER_AGENT} !MSIE\ (5\.[5-9]¦[6-9]\.[0-9]¦[1-9][0-9]\.[0-9])
RewriteRule ^<whatever_page\.html> /oldMSIEpage.html [L]

I show mod_rewrite because it's easier to handle the AND function. You could also do it with SetEnvIf; see the documentation for info on combining multiple SetEnvIfs. The regex pattern in this code is good through MSIE99.9 as shown. Replace the broken pipe characters before use, as usual.

Jim
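A check of the version pattern above, added here as an example and not part of the original post: it evaluates the two RewriteCond tests in Python and sweeps MSIE 1.0 through 99.9 to confirm that the regex agrees with a numeric "below 5.5" comparison. The function names and the user-agent strings are constructed for illustration.

```python
import re

# Pattern from the post with solid pipes restored. The "\ " escape is only
# needed in Apache config, where a bare space separates arguments.
IS_MSIE = re.compile(r"MSIE")
MODERN = re.compile(r"MSIE (5\.[5-9]|[6-9]\.[0-9]|[1-9][0-9]\.[0-9])")


def is_old_msie(user_agent):
    """True when both RewriteConds hold, i.e. the rule would rewrite."""
    return bool(IS_MSIE.search(user_agent)) and not MODERN.search(user_agent)


def sweep_mismatches():
    """Compare the regex with a numeric 'below 5.5' test for 1.0 to 99.9."""
    bad = []
    for major in range(1, 100):
        for minor in range(10):
            ua = f"Mozilla/4.0 (compatible; MSIE {major}.{minor}; Windows 98)"
            if is_old_msie(ua) != ((major, minor) < (5, 5)):
                bad.append((major, minor))
    return bad


# Constructed user-agent strings, including one from a browser that
# carries an MSIE token without being MSIE, and one non-MSIE browser.
SAMPLES = [
    "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)",
    "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)",
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.54",
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) Gecko/20050511 Firefox/1.0.4",
]

if __name__ == "__main__":
    for ua in SAMPLES:
        print("rewrite" if is_old_msie(ua) else "pass   ", ua)
    print("versions where regex and numeric test disagree:", sweep_mismatches())
```

Because the match is on the header text alone, any client that sends an MSIE token is classified by that token, whatever browser it really is.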