
Blank UA String

David E. Ross
#1: Oct 12 '08
I'm getting occasional visits to my Web site from applications with
blank UA strings. I would like to block such accesses because they
violate various RFCs and might represent attempted hostile actions.

Since I don't own the Web server (it's owned by my ISP) and I don't want
to have any JavaScript, I would prefer using either an .htaccess setting
or a SSI script. Is this possible? The Web server is Apache (version
currently unknown) for which I have done some simple .htaccess settings.
I know how to create SSI scripts in UNIX.

What I really would like to do is send an error page when the UA string
is blank. The page would tell the user why the requested page cannot be
seen. If I can't send an error page, then I would send an appropriate
HTTP status code.

--

David E. Ross
<http://www.rossde.com/>

Q: What's a President Bush cocktail?
A: Business on the rocks.

Jonathan N. Little
#2: Oct 12 '08

re: Blank UA String


David E. Ross wrote:
> I'm getting occasional visits to my Web site from applications with
> blank UA strings. I would like to block such accesses because they
> violate various RFCs and might represent attempted hostile actions.
>
> Since I don't own the Web server (it's owned by my ISP) and I don't want
> to have any JavaScript, I would prefer using either an .htaccess setting
> or a SSI script. Is this possible? The Web server is Apache (version
> currently unknown) for which I have done some simple .htaccess settings.
> I know how to create SSI scripts in UNIX.
>
> What I really would like to do is send an error page when the UA string
> is blank. The page would tell the user why the requested page cannot be
> seen. If I can't send an error page, then I would send an appropriate
> HTTP status code.

Although you can do this if you wish within an .htaccess file *if* your
hosting company allows such, I would advise against it because some
personal security software (i.e., antivirus firewall protection suites)
can block such info. Scripts that rely on HTTP_REFERER broke miserably
when Norton Internet Security started blocking it, as one example...

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
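
What the .htaccess approach mentioned in the post above could look like, as an added example that is not part of the original thread. It assumes mod_rewrite is enabled and the host permits these overrides; `/no-ua.html` is a hypothetical page at the site root.

```apache
# Constructed example; /no-ua.html is a hypothetical explanation page.
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Let the explanation page itself through. Without this exemption the
    # internal redirect to the 403 page is refused too, and Apache falls
    # back to its built-in error text.
    RewriteCond %{REQUEST_URI} !^/no-ua\.html$

    # True when the User-Agent header is absent or present but empty.
    RewriteCond %{HTTP_USER_AGENT} ^$

    # "-" leaves the URL untouched; [F] answers 403 Forbidden.
    RewriteRule ^ - [F]
</IfModule>

# Body sent with the 403: a static page saying why the request was refused.
ErrorDocument 403 /no-ua.html
```

`ErrorDocument 403` applies to every 403 served under this directory, not only the blank-UA case, so the page text has to cover both.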

Eric B. Bednarz
#3: Oct 12 '08

re: Blank UA String


"David E. Ross" <nobody@nowhere.not> writes:
> I'm getting occasional visits to my Web site from applications with
> blank UA strings. I would like to block such accesses because they
> violate various RFCs and might represent attempted hostile actions.

Your Web site is about to represent attempted hostile actions too. Just
to be safe, I’ve updated my hosts file (thanks for your signature, HTH).

--
||| hexadecimal EBB
o-o decimal 3771
--oOo--( )--oOo-- octal 7273
205 goodbye binary 111010111011

Darin McGrew
#4: Oct 14 '08

re: Blank UA String


David E. Ross <nobody@nowhere.not> wrote:
> I'm getting occasional visits to my Web site from applications with
> blank UA strings. I would like to block such accesses because they
> violate various RFCs and might represent attempted hostile actions.

FWIW, HTTP 1.1 (RFC 2616) says "User agents SHOULD include this field with
requests", not "User agents MUST include this field with requests".

As a practical matter, not everyone behind a firewall that strips the
User-Agent header will be able to reconfigure the firewall. And others will
not be willing to reconfigure the firewall.

And do you really care whether you get blank/non-existent User-Agent
strings, or bogus User-Agent strings like

Mozilla/4.0 (compatible; not MSIE 6.0; HAL 9000)

? Sites blocking access based on User-Agent strings are the reason why
almost every browser misrepresents itself in its User-Agent string.
--
Darin McGrew, darin@TheRallyeClub.org, http://www.TheRallyeClub.org/
A gimmick car rallye is not a race, but a fun puzzle testing your
ability to follow instructions. Upcoming gimmick car rallye in
Silicon Valley: Talladega Nights (Saturday, August 4)

Harlan Messinger
#5: Oct 14 '08

re: Blank UA String


Jonathan N. Little wrote:
> David E. Ross wrote:
>> I'm getting occasional visits to my Web site from applications with
>> blank UA strings. I would like to block such accesses because they
>> violate various RFCs and might represent attempted hostile actions.
>>
>> Since I don't own the Web server (it's owned by my ISP) and I don't want
>> to have any JavaScript, I would prefer using either an .htaccess setting
>> or a SSI script. Is this possible? The Web server is Apache (version
>> currently unknown) for which I have done some simple .htaccess settings.
>> I know how to create SSI scripts in UNIX.
>>
>> What I really would like to do is send an error page when the UA string
>> is blank. The page would tell the user why the requested page cannot be
>> seen. If I can't send an error page, then I would send an appropriate
>> HTTP status code.
>
> Although you can do this if you wish within an .htaccess file *if* your
> hosting company allows such, I would advise against it because some
> personal security software (i.e., antivirus firewall protection suites)
> can block such info. Scripts that rely on HTTP_REFERER broke miserably
> when Norton Internet Security started blocking it, as one example...

<rant>Norton Internet Security is insane. I've had problems caused by
the software blocking access to a page that had a parameter called "ad"
in the query string (it was short for "administrator") and by having the
images used in the banner of one site's pages reside in a directory
called, shockingly, "banners".</rant>

Jonathan N. Little
#6: Oct 14 '08

re: Blank UA String


Harlan Messinger wrote:
> <rant>Norton Internet Security is insane. I've had problems caused by
> the software blocking access to a page that had a parameter called "ad"
> in the query string (it was short for "administrator") and by having the
> images used in the banner of one site's pages reside in a directory
> called, shockingly, "banners".</rant>

No argument here. I loved the little "onload" handler it would inject to
"protect" folks for bad websites...true it would, but would also disable
any benign initialization for JavaScript functions on a page...

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com