Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

APM Browser Check

I have a fussy application that has browser pre-requisites of:

  • Internet Explorer 9 or later
  • Firefox 25 or later
  • Chrome 31 or later
  • Safari 7 or later

I have setup an accessprofile, and added a "General Purpose\Empty" object branch.

I thought I could use the session.client.type and session.client.version to construct the check.

Something like this:

expr { [mcget {session.client.type}] == "IE" && [mcget {session.client.version}] >= "9" } || [mcget {session.client.type}] == "Chrome" && [mcget {session.client.version}] >= "31" }

however when using Chrome38 session.client.type = Mozilla and session.client.version = 5

It looks like I really need to parse the session.user.agent attribute.

Is there an easy way to achieve this?

or do I need to split the string by the " " (space) char and try and guess the right place?

Agent strings that should work:

Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1623.0 Safari/537.36

Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET CLR 2.0.50727; Media Center PC 6.0)

Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0

Agent strings that should fail:

Mozilla/5.0 (Windows NT 6.0; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0

Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.17 Safari/537.36

Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET CLR 1.0.3705; .NET CLR 1.1.4322)

Can someone give me some clues?

Should the F5 add extra attributes from the parsed agent by default?

1
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

You could always use a standard VPE object (empty box) and then put a branch in with

expr { [mcget {session.user.agent}] contains "Chrome/" || [mcget {session.user.agent}] contains "Firefox" }

something like

Image Text

2
Comments on this Answer
Comment made 08-Feb-2018 by Nolan Jensen 159

Gary,

Just wanted to say thank you for the information and screen shots this is what I needed to solve my issue.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I have to do something similar for a client, but we're not tied to exact version numbers, we just reject certain browsers. Here's a very basic iRule you can use to reject off of major browser types, you can modify it to get as exact as you want. This will block anything except Safari and MSIE, and throw a custom webpage if it detects anything except these two user agents. Note that Chrome's user-agent says it's everything so it will likely get through unless you throw another condition in there.

when HTTP_REQUEST {
    #Block browsers that aren't MSIE or Safari
    if { not ([string tolower [HTTP::header "User-Agent"]] contains "safari" or [string tolower [HTTP::header "User-Agent"]] contains "msie")}{
log local0. "Bad user agent:[HTTP::header "User-Agent"]"
        HTTP::respond 200 content [ifile get "usa_a_supported_browser_html"] 
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Looks OK.

I was hoping to use it with APM in the visual policy. Redirecting the user if the check fails. Also the AccessProfile is enumerated once at the start of the session so it would be more efficient (I think).

It seems like I need to split the string into variables so that I can the test >= on the version.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

You can use the irule to create a new variable, then use an irule event in VPE to parse it if you need to use it in the visual policy.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

the vpe configuration works thanks

0