Question 91307 in Apache Question posted in
Some documentation to get you started can be found here.

HTACCESS – Using BrowserMatchNoCase to block multiple versions of obsolete browsers (Chrome / Firefox) – Apache

I tried to find a solution to this but wasn’t able to find one.

I have been using these lines in my htaccess for a while now to block older or obsolete versions of Firefox and Chrome since most of them are used by bots / infected hosts.

BrowserMatchNoCase "Chrome/[17.0.0.0-86.0.0.0]" bad_bots
BrowserMatchNoCase "Firefox/[3.0-86.0]" bad_bots

It worked flawlessly and from my understanding it was blocking : (Am I right ?)

  • Every Chrome browser version from 17.0.0.0 to 86.0.0.0
  • Every Firefox browser version from 3.0 to 86.0.0.0

But recently, since Chrome and FF updated to 100, things are not working as expected.
My rules are blocking these browsers versions, so temporarily, I did a dirty workaround by adding :

BrowserMatchNoCase "Chrome/100" !bad_bots
BrowserMatchNoCase "Firefox/100" !bad_bots
etc...

My question :

Is it possible to get around that "issue" and not blocking browsers versions from 100 and later versions ? How ?

Is it possible to keep these rules with BrowserMatchNoCase ?

Thanks a lot.

Tags:

2

Answers


  1. 0 
    BrowserMatchNoCase "Chrome/[17.0.0.0-86.0.0.0]" bad_bots
BrowserMatchNoCase "Firefox/[3.0-86.0]" bad_bots

    It worked flawlessly and from my understanding it was blocking : (Am I
    right ?)

    • Every Chrome browser version from 17.0.0.0 to 86.0.0.0
    • Every Firefox browser version from 3.0 to 86.0.0.0

    No, it’s not doing that at all! You can’t specify numeric ranges like that using regex.

    The regex [17.0.0.0-86.0.0.0] is a character class and is the same as simply [.012345678] (or [.0-8]), which matches a single character from those listed between the square brackets. The hyphen (-) indicates a ascii character range. eg. a-z.

    So, your regex Chrome/[17.0.0.0-86.0.0.0] matches any user-agent that contains one of the following substrings:

    • Chrome/.
    • Chrome/0
    • Chrome/1
    • Chrome/2
    • Chrome/3
    • Chrome/4
    • Chrome/5
    • Chrome/6
    • Chrome/7
    • Chrome/8

    So, it will basically block any Chrome version that does not start with a 9. In other words, it will allow versions 9 and 90 through 99 and block everything else (until we eventually get to version 900!).

    If you still want to follow the same approach and block old user-agent strings then you’ll need to follow your "dirty workaround" and punch holes for user-agents you do want to allow. Although you can generalise a bit and permit any version in the hundreds, eg. 1dd (1 followed by two digits)

    For example, it would be easier to block everything and then allow specific User-Agent patterns:

    # Block all Chrome User-Agents
BrowserMatchNoCase "Chrome/" bad_bots

# Allow Chrome versions 87, 88, 89, 90-99, 100+
BrowserMatch "Chrome/(8[789]|9d|ddd)." !bad_bots

    Note that I specifically used BrowserMatch (rather than BrowserMatchNoCase) for the allowed cases since official Chrome User-Agents will always have an uppercase C.

    Login or Signup to reply.
  2. 0 
    BrowserMatchNoCase "Chrome/[2-9]" badbot
BrowserMatchNoCase "Firefox/[2-9]" badbot
Deny from env=badbot

    this works until chrome/firefox get to 200s

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search