Forum Discussion

Michael_015_163's avatar
Icon for Nimbostratus rankNimbostratus
Nov 17, 2014

APM Browser Check

I have a fussy application that has browser pre-requisites of:


  • Internet Explorer 9 or later
  • Firefox 25 or later
  • Chrome 31 or later
  • Safari 7 or later

I have setup an accessprofile, and added a "General Purpose\Empty" object branch.


I thought I could use the session.client.type and session.client.version to construct the check.


Something like this:


expr { [mcget {session.client.type}] == "IE" && [mcget {session.client.version}] >= "9" } || [mcget {session.client.type}] == "Chrome" && [mcget {session.client.version}] >= "31" }


however when using Chrome38 session.client.type = Mozilla and session.client.version = 5


It looks like I really need to parse the session.user.agent attribute.


Is there an easy way to achieve this?


or do I need to split the string by the " " (space) char and try and guess the right place?


Agent strings that should work:


Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1623.0 Safari/537.36


Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET CLR 2.0.50727; Media Center PC 6.0)


Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0


Agent strings that should fail:


Mozilla/5.0 (Windows NT 6.0; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0


Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.17 Safari/537.36


Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET CLR 1.0.3705; .NET CLR 1.1.4322)


Can someone give me some clues?


Should the F5 add extra attributes from the parsed agent by default?


5 Replies

  • I have to do something similar for a client, but we're not tied to exact version numbers, we just reject certain browsers. Here's a very basic iRule you can use to reject off of major browser types, you can modify it to get as exact as you want. This will block anything except Safari and MSIE, and throw a custom webpage if it detects anything except these two user agents. Note that Chrome's user-agent says it's everything so it will likely get through unless you throw another condition in there.

    when HTTP_REQUEST {
        Block browsers that aren't MSIE or Safari
        if { not ([string tolower [HTTP::header "User-Agent"]] contains "safari" or [string tolower [HTTP::header "User-Agent"]] contains "msie")}{
    log local0. "Bad user agent:[HTTP::header "User-Agent"]"
            HTTP::respond 200 content [ifile get "usa_a_supported_browser_html"] 
  • Looks OK.


    I was hoping to use it with APM in the visual policy. Redirecting the user if the check fails. Also the AccessProfile is enumerated once at the start of the session so it would be more efficient (I think).


    It seems like I need to split the string into variables so that I can the test >= on the version.


  • You can use the irule to create a new variable, then use an irule event in VPE to parse it if you need to use it in the visual policy.


  • Your particular version-checking requirements necessitate parsing the user agent string for more detailed browser information. Unfortunately, the default NetScaler expressions, such as session. Client. The type doesn't offer adequate granularity. To extract the precise Chrome, Firefox, etc. versions, you'll probably need to apply regex or substring operations on session.user.agent. NetScaler should not pars the user agent beyond the high-level type/version out of the box. Any students or IT professionals needing aid with assignments on subjects like NetScaler configuration or operations assignment help uk can turn to online suppliers. However, your strategy of dividing the user agent string and examining the pertinent substring values is the best action in this case. If you have any further inquiries, please let me know!