You need a closing anchor \b (the b means "word boundary" and can be applied at either end of a string) so the rule matches 1 but not 10.

Been there. Done that. Some years ago I had to dash in and add a hasty \b because the new MSIE 10 was getting blocked by a similar rule that just said [1-4]. Now it's [1-4]\b and, ahem, it's long overdue for adding at least a 5. Just haven't got around to double-checking that no humans at all, ever, use something so old.

Incidentally, I wouldn't use an [NC] here. There's only one correct casing, and if someone's coming in claiming to be "windows" or "WINDOWS" they should be blocked forthwith, regardless of what NT version they're professing.

Hi Lucy,

thank you for your reply. The word boundary is a nice trick. It's exactly what I was looking for.

Regarding your IE comment, I started playing around with other MS/IE/Windows UAs to block.

 RewriteCond %{HTTP_USER_AGENT} "MSIE [1-6]\b" [NC,OR]
 RewriteCond %{HTTP_USER_AGENT} "Windows 98" [NC,OR]
 RewriteCond %{HTTP_USER_AGENT} "Windows NT [1-5]\b" [NC]
 RewriteRule ^ - [F]

Your comment regarding the case ([NC]), do you know for sure that Windows always sticks to the case with it's products? Plus, I have no idea how to approach your suggestion. "Block every UA containing Windows, but...foo bar." How do you reverse the case rule to define a case?

Thanks for your help!

How do you reverse the case rule to define a case?

It depends on circumstances. For example to block foobar, FOOBAR and Foobar while admitting FooBar:

RewriteCond %{HTTP_USER_AGENT} foobar [NC]
RewriteCond %{HTTP_USER_AGENT} !FooBar

But even then, wrong casing tends to be specific. A few years ago I had a rash of "GoogleBot", like that.

:: detour to raw logs, followed by some trial-and-error ::

Search for UA string containing word-initial "wi" or "WI", case sensitive: Nothing relevant.

Search for "Wi" followed by anything other than "ndows": Oh, my. Lots of robots pretending to be Win 9x-- but also humans (and BingSiteAuth) admitting to Win64, and Google Wireless Transcoder, and Nintendo Wii (that's a browser? who knew), and ...

Search for fine-tuned version of the preceding: Nope, no wrongly cased "Windows", though I did find a Russian robot* pretending to be "Window" something-or-other, singular. One robot, one time, one request. That wouldn't even be worth blocking, unless your name is amazon dot com and everything has to be multiplied by 10,000.


* I didn't actually recognize the nationality of the IP, who who else comes in claiming to be Opera 9.80?

Just a FYI - depending on your audience, real people still use those UAs :)

real people still use those UAs

On rare occasions I meet a human using FF 3.something, but you gotta draw the line somewhere.

Here I was scanning logs for mis-cased "Windows". Since I obviously couldn't say, in a single utterance, "windows [NC] but not Windows" (TextWrangler's RegEx engine isn't that sophisticated, at least I don't think it is) there were an awful lot of false positives.

Heh. I've just remembered that there is a RegEx locution for "switch case sensitivity on/off in mid-expression" but I still don't think there's a way to look at the same text twice.

I was commenting more on the OP not Firefox 3, but now that you bring it up, Linux FF builds are back there still. I see a lot of older browser builds, maybe because I get desktop visitors from all over the globe. The mobile crowd tend to use more up-to-date releases.