No doubt there'll be more of this as more people start using security packages. Unfortunately there doesn't seem to be anything in the RFC for the HTTP protocol explicitly defining what values are allowed in this field.

Ah well. :/

I wouldn't sweat it. Within a single drop-down I can pick from 7 real UAs. Is it better if I just misrepresent? Oh, and I can create any custom UA I choose to create with one click. What if I just started appending numbers to common UAs? Wouldn't that be worse?

Within a single drop-down I can pick from 7 real UAs.

Yep, same here. The Fx UserAgent Switcher extension is great when it's used properly.

What if I just started appending numbers to common UAs? Wouldn't that be worse?

You point is well taken. Still, just working on updating OmniWeb browser for my browscap.ini file I ran across numerous examples of users agents where people had added a number here and there.

I don't know why they would want to do that. I'm sure a lot of people think a user agent can somehow personally identify you. Sort of like cookies. LOL

However in my case I've structured my browscap.ini file to compensate for many of these anomalous numerics.

It still ticks me off that someone would go out of their way to create such a rude custom user agent. I've seen some that include profanity.

abates,

There's no RFC dedicated to User-agent strings, although they are mentioned in the HTTP/1.0 and HTTP/1.1 RFCs. But there is the original Netscape document: [mozilla.org...]

Jim

What's more disconcerting for me, is the ease in which referrer can be stripped.

Search results for: > 63.249.0.
not much there
Subdelegations for NET-63-249-0-0-1:

What's more disconcerting for me, is the ease in which referrer can be stripped.

Aye! Me also.
I frequently have visitors looking for specific information.
As much as I plaster CONTACT or informational links to contact and/or request in an attempt to explain to this folks that I'm able to provide updates on-the-fly or very extensive materials from outside my websites?

Visitors seem to favor avoiding contact.

The trend towards lack of referrer continues.

I tend to believe that for content similar to my pages there will come a time of either 1) subscription, 2) registraion or 3) a redirect from a white-list for lack of either of the above.

I see visitors going through page after page looking for material that they either cannot find for lack of proper search tecniques or the material doesn't exist at all on any web page (not just my sites).

Don

Referrer stripping I don't mind so much. If people need the illusion of privacy...

Though I do mind when the referrer field suddenly contains "Blocked by Firewall X" or "****:+++++++++++++++++" and then they don't see my graphics because the crud messes up the graphic hotlink prevention. Now that *does* break the RFC.

I'm tempted to serve people using those an error 500 and a message telling them their referrer string is invalid. :P

If you're UA doesn't start with "Mozilla/" or "Opera/" I bounce you like a robber ball off a brick wall so pick your UA wisely as most of that garbage will keep you out and something like Google might get you banned.

I used to think blocking every UA not beginning with Mozilla was gonna be easy... HA! No Easy Way for Me!

Currently, in addition to blocking 278 UA 'parts' with SetEnv --

SetEnvIfNoCase User-Agent "(Dawang¦Directory¦DNS-Digger¦dnsdigger¦Download¦DTS¦Dulance)" no_way

-- I'm also blocking 312 permutations of Mozilla, all of which have been added by hand as encountered (or spotted by this forum's illustrious, if O-C, denizens:) --

RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*(Dominator¦Dotsafe¦DnloadMage¦Download¦DreamKey¦DreamPassport¦DTS¦DTS.Agent¦Dulance¦Dummy) [NC,OR]

There's some overlap between the two (and plenty of needs-streamlining code, tenkewveddymuch:) And I could just combine everything. But many of the blocked Moz users are rewritten off-site to an appeal page, whereas the SetEnv users are 403'd on the spot.

Plus when used in tandem, SetEnv and RewriteCond act as a belt-and-suspenders arrangement when I forget a crucial [OR] or \.

(Dontcha hate it when that happens? Dang!)