Mobile app version of vmapp.org
Login or Join
XinRu657

: Apache 2.2 Not Identifying Safari with HTTP_USER_AGENT I have a web server that has to meet PCI compliance requirements. Their latest round of policy changes have removed support for Safari, after

@XinRu657

Posted in: #Apache #ModRewrite #Safari #UrlRewriting

I have a web server that has to meet PCI compliance requirements. Their latest round of policy changes have removed support for Safari, after having removed support for Windows XP based IE clients. The code below works great to send users of compliant browsers to the SSL site, but fails to identify Safari for some reason. PCI compliance says that we cannot use TLS 1.0 encryption, which is the highest encryption level Safari currently supports. Our non-SSL page displays a header informing the user of their issue and requesting that they upgrade to a more secure browser.

RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} !Version/[1-5] [OR]
RewriteCond %{HTTP_USER_AGENT} !MSIE ([6-8])
RewriteCond %{HTTP_HOST} sa.edu [NC]
RewriteCond %{HTTP_HOST} sa.edu [NC]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) www.sa.edu/ [NC,R,L]


I've done a regex test on the Safari line and it works find in Regex. I've also looked at the different user agent strings used to see what the common thread is among Safari browsers. Version/[1-5] seems to be the common thread. I've also tried just hitting it with !Safari and that doesn't seem to catch them either, which should result in Chrome and Safari users as both pass a Safari string. Below is the user agent line of the Safari browser I'm test from and the Chrome browser I'm testing from.

Chrome:

Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36


Safari

Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2

10.01% popularity Vote Up Vote Down


Login to follow query

More posts by @XinRu657

1 Comments

Sorted by latest first Latest Oldest Best

 

@Ogunnowo487

Your logic appears to be reversed... you need to remove the OR flag at the end of the first RewriteCond directive. This looks like it should be an implicit AND:

RewriteCond %{HTTP_USER_AGENT} !Version/[1-5]
RewriteCond %{HTTP_USER_AGENT} !MSIE ([6-8])


In other words... if it's not Safari and it's not IE6-8 then proceed...

If you OR these two conditions then it's likely to always evaluate to true and you will always be redirected.

(I'm assuming your regex is correct.)

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme