I tried to find a solution to this but wasn’t able to find one.
I have been using these lines in my htaccess for a while now to block older or obsolete versions of Firefox and Chrome since most of them are used by bots / infected hosts.
BrowserMatchNoCase "Chrome/[17.0.0.0-86.0.0.0]" bad_bots
BrowserMatchNoCase "Firefox/[3.0-86.0]" bad_bots
It worked flawlessly, and from my understanding it was blocking (am I right?):
- Every Chrome browser version from 17.0.0.0 to 86.0.0.0
- Every Firefox browser version from 3.0 to 86.0.0.0
But recently, since Chrome and FF updated to 100, things are not working as expected.
My rules are blocking these browser versions, so temporarily I did a dirty workaround by adding:
BrowserMatchNoCase "Chrome/100" !bad_bots
BrowserMatchNoCase "Firefox/100" !bad_bots
etc...
My question:
Is it possible to get around that "issue" and not block browser versions from 100 and later? How?
Is it possible to keep these rules with BrowserMatchNoCase?
Thanks a lot.
2 Answers
No, it’s not doing that at all! You can’t specify numeric ranges like that using regex.
The regex [17.0.0.0-86.0.0.0] is a character class and is the same as simply [.012345678] (or [.0-8]), which matches a single character from those listed between the square brackets. The hyphen (-) indicates an ASCII character range, e.g. a-z.
So, your regex Chrome/[17.0.0.0-86.0.0.0] matches any user-agent that contains one of the following substrings:
Chrome/.
Chrome/0
Chrome/1
Chrome/2
Chrome/3
Chrome/4
Chrome/5
Chrome/6
Chrome/7
Chrome/8
So, it will basically block any Chrome version that does not start with a 9. In other words, it will allow versions 9 and 90 through 99 and block everything else (until we eventually get to version 900!).
If you still want to follow the same approach and block old user-agent strings then you’ll need to follow your "dirty workaround" and punch holes for user-agents you do want to allow. Although you can generalise a bit and permit any version in the hundreds, e.g. 1\d\d (1 followed by two digits).
For example, it would be easier to block everything and then allow specific User-Agent patterns:
Note that I specifically used BrowserMatch (rather than BrowserMatchNoCase) for the allowed cases since official Chrome User-Agents will always have an uppercase C.
This works until Chrome/Firefox get to the 200s.
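
As an added example (not part of the original question or answers): a Python check of what the question's bracket expression actually accepts, next to one assumed way to write "major version 17 to 86" as a regex. The User-Agent strings are constructed, and MAJOR_17_TO_86, ua, class_members and blocked_majors are names chosen for this example.

```python
import re

# Rule from the question. BrowserMatchNoCase does an unanchored,
# case-insensitive regex search over the User-Agent header.
ORIGINAL = re.compile(r"Chrome/[17.0.0.0-86.0.0.0]", re.IGNORECASE)

# Assumed replacement (not from the page): match major versions 17-86
# numerically. 1[7-9] = 17-19, [2-7]\d = 20-79, 8[0-6] = 80-86; the
# trailing \. keeps "17" from matching the start of "170".
MAJOR_17_TO_86 = re.compile(r"Chrome/(?:1[7-9]|[2-7]\d|8[0-6])\.", re.IGNORECASE)


def ua(major):
    """Constructed Chrome-style User-Agent for the given major version."""
    return ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
            f"(KHTML, like Gecko) Chrome/{major}.0.0.0 Safari/537.36")


def class_members(char_class):
    """Printable ASCII characters that a bracket expression accepts."""
    rx = re.compile(char_class)
    return "".join(chr(c) for c in range(0x20, 0x7F) if rx.fullmatch(chr(c)))


def blocked_majors(pattern, majors):
    """Major versions whose constructed User-Agent the pattern matches."""
    return [m for m in majors if pattern.search(ua(m))]


if __name__ == "__main__":
    majors = range(1, 201)
    print("class accepts:", class_members("[17.0.0.0-86.0.0.0]"))
    old = set(blocked_majors(ORIGINAL, majors))
    print("original rule lets through:", [m for m in majors if m not in old])
    new = blocked_majors(MAJOR_17_TO_86, majors)
    print("range rule blocks:", new[0], "to", new[-1], f"({len(new)} versions)")
```

The replacement pattern uses only syntax common to Python's re module and PCRE, so the same pattern text can be tried in a BrowserMatchNoCase directive.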