Forum Discussion

Michael_015_163's avatar
Michael_015_163
Icon for Nimbostratus rankNimbostratus
Nov 17, 2014

APM Browser Check

I have a fussy application that has browser pre-requisites of:

 

  • Internet Explorer 9 or later
  • Firefox 25 or later
  • Chrome 31 or later
  • Safari 7 or later

I have setup an accessprofile, and added a "General Purpose\Empty" object branch.

 

I thought I could use the session.client.type and session.client.version to construct the check.

 

Something like this:

 

expr { [mcget {session.client.type}] == "IE" && [mcget {session.client.version}] >= "9" } || [mcget {session.client.type}] == "Chrome" && [mcget {session.client.version}] >= "31" }

 

however when using Chrome38 session.client.type = Mozilla and session.client.version = 5

 

It looks like I really need to parse the session.user.agent attribute.

 

Is there an easy way to achieve this?

 

or do I need to split the string by the " " (space) char and try and guess the right place?

 

Agent strings that should work:

 

Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1623.0 Safari/537.36

 

Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET CLR 2.0.50727; Media Center PC 6.0)

 

Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0

 

Agent strings that should fail:

 

Mozilla/5.0 (Windows NT 6.0; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0

 

Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.17 Safari/537.36

 

Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET CLR 1.0.3705; .NET CLR 1.1.4322)

 

Can someone give me some clues?

 

Should the F5 add extra attributes from the parsed agent by default?

 

application delivery
BIG-IP Access Policy Manager (APM)
devops
iRules
LTM
security

5 Replies

Sort By
  • Cthulhucalling_'s avatar
    Cthulhucalling_
    Icon for Cirrus rankCirrus
    Nov 17, 2014

    I have to do something similar for a client, but we're not tied to exact version numbers, we just reject certain browsers. Here's a very basic iRule you can use to reject off of major browser types, you can modify it to get as exact as you want. This will block anything except Safari and MSIE, and throw a custom webpage if it detects anything except these two user agents. Note that Chrome's user-agent says it's everything so it will likely get through unless you throw another condition in there.

    when HTTP_REQUEST {
    Block browsers that aren't MSIE or Safari
    if { not ([string tolower [HTTP::header "User-Agent"]] contains "safari" or [string tolower [HTTP::header "User-Agent"]] contains "msie")}{
log local0. "Bad user agent:[HTTP::header "User-Agent"]"
        HTTP::respond 200 content [ifile get "usa_a_supported_browser_html"]
  • Michael_015_163's avatar
    Michael_015_163
    Icon for Nimbostratus rankNimbostratus
    Nov 17, 2014

    Looks OK.

     

    I was hoping to use it with APM in the visual policy. Redirecting the user if the check fails. Also the AccessProfile is enumerated once at the start of the session so it would be more efficient (I think).

     

    It seems like I need to split the string into variables so that I can the test >= on the version.

     

  • Cthulhucalling_'s avatar
    Cthulhucalling_
    Icon for Cirrus rankCirrus
    Nov 17, 2014

    You can use the irule to create a new variable, then use an irule event in VPE to parse it if you need to use it in the visual policy.

     

  • royalbert867's avatar
    royalbert867
    Icon for Nimbostratus rankNimbostratus
    Jul 31, 2023

    Your particular version-checking requirements necessitate parsing the user agent string for more detailed browser information. Unfortunately, the default NetScaler expressions, such as session. Client. The type doesn't offer adequate granularity. To extract the precise Chrome, Firefox, etc. versions, you'll probably need to apply regex or substring operations on session.user.agent. NetScaler should not pars the user agent beyond the high-level type/version out of the box. Any students or IT professionals needing aid with assignments on subjects like NetScaler configuration or operations assignment help uk can turn to online suppliers. However, your strategy of dividing the user agent string and examining the pertinent substring values is the best action in this case. If you have any further inquiries, please let me know!