473,385 Members | 1,396 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > html / css > questions > blank ua string

Join Bytes to post your question to a community of 473,385 software developers and data experts.

Blank UA String

I'm getting occasional visits to my Web site from applications with
blank UA strings. I would like to block such accesses because they
violate various RFCs and might represent attempted hostile actions.

Since I don't own the Web server (it's owned by my ISP) and I don't want
to have any JavaScript, I would prefer using either an .htaccess setting
or a SSI script. Is this possible? The Web server is Apache (version
currently unknown) for which I have done some simple .htaccess settings.
I know how to create SSI scripts in UNIX.

What I really would like to do is send an error page when the UA string
is blank. The page would tell the user why the requested page cannot be
seen. If I can't send an error page, then I would send an appropriate
HTTP status code.

--

David E. Ross
<http://www.rossde.com/>

Q: What's a President Bush cocktail?
A: Business on the rocks.
Oct 12 '08 #1
5 2000
David E. Ross wrote:
I'm getting occasional visits to my Web site from applications with
blank UA strings. I would like to block such accesses because they
violate various RFCs and might represent attempted hostile actions.

Since I don't own the Web server (it's owned by my ISP) and I don't want
to have any JavaScript, I would prefer using either an .htaccess setting
or a SSI script. Is this possible? The Web server is Apache (version
currently unknown) for which I have done some simple .htaccess settings.
I know how to create SSI scripts in UNIX.

What I really would like to do is send an error page when the UA string
is blank. The page would tell the user why the requested page cannot be
seen. If I can't send an error page, then I would send an appropriate
HTTP status code.
Although you can do this if you wish within an .htaccess file *if* your
hosting company allow such, but I would advise against it because some
personal security software (i.e., antivirus firewall protection suites)
can block such info. Scripts that rely on HTTP_REFERER broke miserably
when Norton Internet Security started blocking it, is one example...

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
Oct 12 '08 #2
"David E. Ross" <no****@nowhere.notwrites:
I'm getting occasional visits to my Web site from applications with
blank UA strings. I would like to block such accesses because they
violate various RFCs and might represent attempted hostile actions.
Your Web site is about to represent attempted hostile actions too. Just
to be safe, I’ve updated my hosts file (thanks for your signature, HTH).

--
||| hexadecimal EBB
o-o decimal 3771
--oOo--( )--oOo-- octal 7273
205 goodbye binary 111010111011
Oct 12 '08 #3
David E. Ross <no****@nowhere.notwrote:
I'm getting occasional visits to my Web site from applications with
blank UA strings. I would like to block such accesses because they
violate various RFCs and might represent attempted hostile actions.
FWIW, HTTP 1.1 (RFC 2616) says "User agents SHOULD include this field with
requests", not "User agents MUST include this field with requests".

As a practical matter, not everyone behind a firewall that strips the
User-Agent header will be able to reconfigure the firewall. And others will
not be willing to reconfigure the firewall.

And do you really care whether you get blank/non-existent User-Agent
strings, or bogus User-Agent strings like

Mozilla/4.0 (compatible; not MSIE 6.0; HAL 9000)

? Sites blocking access based on User-Agent strings are the reason why
almost every browser misrepresents itself in its User-Agent string.
--
Darin McGrew, da***@TheRallyeClub.org, http://www.TheRallyeClub.org/
A gimmick car rallye is not a race, but a fun puzzle testing your
ability to follow instructions. Upcoming gimmick car rallye in
Silicon Valley: Talladega Nights (Saturday, August 4)
Oct 13 '08 #4
Jonathan N. Little wrote:
David E. Ross wrote:
>I'm getting occasional visits to my Web site from applications with
blank UA strings. I would like to block such accesses because they
violate various RFCs and might represent attempted hostile actions.

Since I don't own the Web server (it's owned by my ISP) and I don't want
to have any JavaScript, I would prefer using either an .htaccess setting
or a SSI script. Is this possible? The Web server is Apache (version
currently unknown) for which I have done some simple .htaccess settings.
I know how to create SSI scripts in UNIX.

What I really would like to do is send an error page when the UA string
is blank. The page would tell the user why the requested page cannot be
seen. If I can't send an error page, then I would send an appropriate
HTTP status code.

Although you can do this if you wish within an .htaccess file *if* your
hosting company allow such, but I would advise against it because some
personal security software (i.e., antivirus firewall protection suites)
can block such info. Scripts that rely on HTTP_REFERER broke miserably
when Norton Internet Security started blocking it, is one example...
<rant>Norton Internet Security is insane. I've had problems caused by
the software blocking access to a page that had a parameter called "ad"
in the query string (it was short for "administrator") and by having the
images used in the banner of one site's pages reside in a directory
called, shockingly, "banners".</rant>
Oct 13 '08 #5
Harlan Messinger wrote:
<rant>Norton Internet Security is insane. I've had problems caused by
the software blocking access to a page that had a parameter called "ad"
in the query string (it was short for "administrator") and by having the
images used in the banner of one site's pages reside in a directory
called, shockingly, "banners".</rant>
No argument here. I loved the little "onload" handler it would inject to
"protect" folks for bad websites...true it would, but would also disable
any benign initialization for JavaScript functions on a page...

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
Oct 14 '08 #6
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
Not able to read blank lines and spaces on a small text file
by: Ruben | last post by:
Hello. I am trying to read a small text file using the readline statement. I can only read the first 2 records from the file. It stops at the blank lines or at lines with only spaces. I have a...
Python
6
test blank string
by: js | last post by:
I am using the following script to test if a variable is undefined or blank. The alert is not fired, if varA is blank string (ie. "", " ", " ", etc). I need to fire the alert even when varA...
Javascript
5
how to print blank space(s) ?..
by: mark | last post by:
how to print, say 50 blank spaces, or say 20 blank spaces ? I wanted use such blank spaces that can be output in a program at predetermined places when printing with "cout".
C / C++
5
XML Serializer - Skip creation of Blank/Empty Class members
by: Tappy Tibbons | last post by:
I have a class I am serializing, and need the resultant XML to skip/omit classes that are not initialized, or their member variables have not been set. Is this possible? Say for the following...
.NET Framework
5
match a blank line with RegEx
by: JackRazz | last post by:
Anyone know the regular expression to match a blank line where the byte sequence is "0D 0A 0D 0A" ive tried "\r\n\r\n+", "^$+" "\n\r" with no success. Any Ideas? Thanks - JackRazz This is...
Visual Basic .NET
5
Custom Format - QUOTES - blank when 0
by: sara | last post by:
I've looked at all the posts I could and don't see the solution. I am aware that the format to get a BLANK when the number is 0 is: $ #,###.00;($ #,###.00);"" But I can't, for the life of me,...
Microsoft Access / VBA
42
Checking for A Blank String
by: =?Utf-8?B?UGxheWE=?= | last post by:
I have an if statement that isn't working correctly and I was wondering how I check for a blank string. My Code Example if me.fieldname(arrayIndex) = "" then ----- end if When I do this and...
Visual Basic .NET
2
parse error or infinite loop? a blank screen, yet the php error logis empty
by: Lawrence Krubner | last post by:
Imagine a template system that works by getting a file, as a string, and then putting it through eval(), something like this: $formAsString = $controller->command("readFileAndReturnString",...
PHP
2
Forms sending some blank emails
by: lstanikmas | last post by:
Hi, I'm validating a form with this ASP but receiving some blank email responses; does anyone see anything wrong with it?: function isFormVarExcluded(thisForm, strToCheck) { var strExcludeVars...
ASP / Active Server Pages
1
HTML form generating semi- blank emails
by: Lelu | last post by:
Hi, My HTML form is generating some blank email responses; does anyone see anything wrong with the scripts?: function isFormVarExcluded(thisForm, strToCheck) { var strExcludeVars =...
HTML / CSS
1
Cloud Servers without Credit Card and Email Registration: A Simpler Way to Get on the Cloud
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
General
0
Wordpress or something else?
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
Content Management Systems
0
One-click Importing Excel Data into a*Database
by: ryjfgjl | last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
Microsoft Excel
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!