: Apache 2.2 Not Identifying Safari with HTTP_USER_AGENT I have a web server that has to meet PCI compliance requirements. Their latest round of policy changes have removed support for Safari, after

@XinRu657

Posted in: #Apache #ModRewrite #Safari #UrlRewriting

I have a web server that has to meet PCI compliance requirements. Their latest round of policy changes have removed support for Safari, after having removed support for Windows XP based IE clients. The code below works great to send users of compliant browsers to the SSL site, but fails to identify Safari for some reason. PCI compliance says that we cannot use TLS 1.0 encryption, which is the highest encryption level Safari currently supports. Our non-SSL page displays a header informing the user of their issue and requesting that they upgrade to a more secure browser.

RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} !Version/[1-5] [OR]
RewriteCond %{HTTP_USER_AGENT} !MSIE ([6-8])
RewriteCond %{HTTP_HOST} sa.edu [NC]
RewriteCond %{HTTP_HOST} sa.edu [NC]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) www.sa.edu/ [NC,R,L]


I've done a regex test on the Safari line and it works find in Regex. I've also looked at the different user agent strings used to see what the common thread is among Safari browsers. Version/[1-5] seems to be the common thread. I've also tried just hitting it with !Safari and that doesn't seem to catch them either, which should result in Chrome and Safari users as both pass a Safari string. Below is the user agent line of the Safari browser I'm test from and the Chrome browser I'm testing from.

Chrome:

Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36


Safari

Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2

Vote Up Vote Down

Login to post a comment!