On Friday 10 October 2003 09:36 am, HaywireMac wrote:LOL,
On Fri, 10 Oct 2003 09:34:38 -0400
Bryan Phinney <[EMAIL PROTECTED]> uttered:
You can test for an explicit browser string but the code must be addedConsidering the effects of compromised home computers running XP on the'net, I would like to start a campaign to essentially "lock out" IE from accessing websites.
Of course, one would still be able to use Windows, but have to use
an alternate browser such as Mozilla.
to every virtual server run from Apache. You can't just add it to a
configuration setting, it has to be in the page or application code.
I haven't even got Virtual Servers to work yet, even after following the multitude of examples on this and the Newb list, I'll be happy if I can just get some momentum going on this.
So what you are saying is the the Apache config is useless? On their
docs page they seem to say otherwise...
I do not know of any method of detecting the browser and altering the default page displayed based on that browser that does not entail creating code on the default display page and possibly subsequent pages of the site. I also do not know of any method of doing this that I would be unable to bypass in some manner. Figuring out what happens when you bypass the detection code is part of QA and I have yet to see any site that is capable of locking me out based on my browser. I have been working in software QA for about 8 years, the last 4-5 has been spent almost entirely on web-based applications. I would consider myself somewhat knowledgable in that area. YMMV.
Also, if someone has a page under the actual index bookmarked, theyI don't have many pages to edit, so adding it to each and every page
can still bypass the detection string. I use that all the time to
bypass detection and enforcement of IE only.
would be a simple matter of copy and paste.
That depends on your pages. If you use a CGI method, each page that can be reached via URL must be CGI based. If you use a PHP method, the same holds true. If you mix html, dhtml, CGI, etc. it is not a simple cut and paste function. The fact is that if I can load a page without loading the specific redirect code that you created, I can bypass the detection. Also, if I use a proxy server that doesn't pass a browser id header, I can bypass the redirect. If you are trying to lock out a specific browser, it is easier to bypass than if you only accepted a particular one. Without a browser header, the default behavior is probably to display the normal page. With most detection mechanisms, the default is to not display unless the browser identifies itself as a certain type. Even that can be spoofed, although not trivially with IE.
14+ years dealing with network issues, and, quess what, I still learn something new each day. Check out the web page. Some of the methodologies are pretty damn effective. Computer science, like any other science, is not exact, and not without it exceptions.
http://www.devin.com/ieblock_howto.shtml
drjung
-- J. Craig Woods UNIX Network/System Engineer http://www.trismegistus.net/resume.htm Let him that would move the world, first move himself. --Socrates
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com