You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Jason Murphy <ja...@hotmail.com> on 2000/04/01 02:55:21 UTC
Re: HTTP_USER_AGENT
I remember that SlashCode (The ModPerl scripts that run Slashdot.org) has a
big listing of HTTP_USER_AGENT's in it. You might want to head over to
www.slashcode.com and get SlashCode and find it in there. Its a small
download.
--
Jason Murphy
System Administrator
Lawinfo.com
1-800-397-3743 ex: 133
----- Original Message -----
From: "Bill Jones" <bi...@fccj.org>
To: "raptor" <ra...@unacs.bg>; <mo...@apache.org>; <xm...@listbot.com>
Sent: Friday, March 31, 2000 4:59 AM
Subject: Re: HTTP_USER_AGENT
> on 3/31/00 2:43 PM, raptor at raptor@unacs.bg wrote:
>
> > HTTP_USER_AGENT :
> >
> > IE3.x,4.x,5,5.5
> > NN3.x,4.x
> > may be other too...
> >
>
>
>
> W3C maybe ?
> - FCCJ * 501 W State St * Jacksonville, Fl 32202 * 904/632-3089 -
>
>
>
Re: HTTP_USER_AGENT
Posted by darren chamberlain <da...@boston.com>.
A quick grep through v. 1.0.0 revealed no such list (i grepped for 'user_'
and 'mozilla' case insensitive).
darren
Jason Murphy (jasonthomasmurphy@hotmail.com) said something to this effect:
> I remember that SlashCode (The ModPerl scripts that run Slashdot.org) has a
> big listing of HTTP_USER_AGENT's in it. You might want to head over to
> www.slashcode.com and get SlashCode and find it in there. Its a small
> download.
>
>
> --
> Jason Murphy
> System Administrator
> Lawinfo.com
> 1-800-397-3743 ex: 133
> ----- Original Message -----
> From: "Bill Jones" <bi...@fccj.org>
> To: "raptor" <ra...@unacs.bg>; <mo...@apache.org>; <xm...@listbot.com>
> Sent: Friday, March 31, 2000 4:59 AM
> Subject: Re: HTTP_USER_AGENT
>
>
> > on 3/31/00 2:43 PM, raptor at raptor@unacs.bg wrote:
> >
> > > HTTP_USER_AGENT :
> > >
> > > IE3.x,4.x,5,5.5
> > > NN3.x,4.x
> > > may be other too...
> > >
> >
> >
> >
> > W3C maybe ?
> > - FCCJ * 501 W State St * Jacksonville, Fl 32202 * 904/632-3089 -
> >
> >
> >
--
Think like a man of action, act like a man of thought.
Re: HTTP_USER_AGENT
Posted by Jason Murphy <jm...@lawinfo.com>.
So the moral of the story is, don't ever trust the client for anything
important.
> I still think that's missing an important point:
>
> YOU CAN'T HAVE a canonical listing of HTTP_USER_AGENT values, because NO
> SUCH ANIMAL exists :) All HTTP_USER_AGENT is is a string supplied by the
> client, and as long as the client follows the spec for what the string is
> supposed to look like [ Client/Version (param; param; ... param) ] then it
> is a valid response. I've written client scripts before that supplied
> values like "HungrySalmon/1.0" for HTTP_USER_AGENT. Nor can you trust it:
> it's a simple matter of editing one string table inside Netscape to change
> it (even easier than replacing the "traveling N"; IIRC, Netscape's
> "customization" kit for corp. clients even supports it directly), and if
> the agent is a client script, it's even easier to spoof (Exercise for the
> reader: write an HTTP client script using LWP that reports its user agent
> as "Navigator/3.04"; no, I don't want to see it when you're done -- I
> didn't collect homework when I did teach, I'm not going to start now *g*)
> in your own widgets.
>
> At one point I was involved with a project to collect the HTTP_USER_AGENT
> strings reported by spiders, and associating them with the search engine
> they belonged to, so that the "most appropriate" set of meta-information
> for that particular search engine could be returned... and it wasn't that
> long of a list. So you can get probably 99% of the information you want
> fairly easily, but I still wouldn't trust it.
>
> Incidentally, if you either use the (deprecated) Agent_Log directive or
> used the "combined" logfile format, you can extract a list of
> HTTP_USER_AGENT strings from your own server logs :) And now, you know
> not to be alarmed when you find your site being visited by someone using
> "FlailingJellyfish/5.7" :)
--
Jason Murphy
System Administrator
Lawinfo.com
1-800-397-3743 ex: 133
>
> ************************************************************
> Jeff D. "Spud (Zeppelin)" Almeida
> Windsor, CT
> spud@spudzeppelin.com
>
>
Re: HTTP_USER_AGENT
Posted by "Jeff D. 'Spud (Zeppelin)' Almeida" <sp...@spudzeppelin.com>.
On Fri, 31 Mar 2000, Jason Murphy wrote:
> I remember that SlashCode (The ModPerl scripts that run Slashdot.org) has a
> big listing of HTTP_USER_AGENT's in it. You might want to head over to
> www.slashcode.com and get SlashCode and find it in there. Its a small
> download.
I still think that's missing an important point:
YOU CAN'T HAVE a canonical listing of HTTP_USER_AGENT values, because NO
SUCH ANIMAL exists :) All HTTP_USER_AGENT is is a string supplied by the
client, and as long as the client follows the spec for what the string is
supposed to look like [ Client/Version (param; param; ... param) ] then it
is a valid response. I've written client scripts before that supplied
values like "HungrySalmon/1.0" for HTTP_USER_AGENT. Nor can you trust it:
it's a simple matter of editing one string table inside Netscape to change
it (even easier than replacing the "traveling N"; IIRC, Netscape's
"customization" kit for corp. clients even supports it directly), and if
the agent is a client script, it's even easier to spoof (Exercise for the
reader: write an HTTP client script using LWP that reports its user agent
as "Navigator/3.04"; no, I don't want to see it when you're done -- I
didn't collect homework when I did teach, I'm not going to start now *g*)
in your own widgets.
At one point I was involved with a project to collect the HTTP_USER_AGENT
strings reported by spiders, and associating them with the search engine
they belonged to, so that the "most appropriate" set of meta-information
for that particular search engine could be returned... and it wasn't that
long of a list. So you can get probably 99% of the information you want
fairly easily, but I still wouldn't trust it.
Incidentally, if you either use the (deprecated) Agent_Log directive or
used the "combined" logfile format, you can extract a list of
HTTP_USER_AGENT strings from your own server logs :) And now, you know
not to be alarmed when you find your site being visited by someone using
"FlailingJellyfish/5.7" :)
************************************************************
Jeff D. "Spud (Zeppelin)" Almeida
Windsor, CT
spud@spudzeppelin.com