Closed Bug 932498 Opened 11 years ago Closed 11 years ago

bad-behavior framework blocks Gecko/25 User-Agent string

Categories

(Web Compatibility :: Site Reports, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: karlcow, Unassigned)

Details

(Whiteboard: [sitewait] [lib-badbehavior] [serversniff])

When Firefox OS/Firefox Android contains Gecko/25, the framework bad-behavior blocks the user agent string with a 403.

GET / HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, compress
Host: www.sansimera.gr
User-Agent: Android Mobile Gecko/25

HTTP/1.1 403 Bad Behavior
Content-Encoding: gzip
Content-Length: 740
Content-Type: text/html; charset=UTF-8
Date: Tue, 29 Oct 2013 21:15:26 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_bwlimited/1.4
Vary: User-Agent,Accept-Encoding
X-Powered-By: PHP/5.3.24


Any string which is of the form "Gecko/25.*" is being blocked:
Gecko/252, Gecko/2525, etc., even Gecko/25a

In the source code of the framework, we can see in the file blacklist.inc.php, line 86 of the version 2.2.14
http://downloads.wordpress.org/plugin/bad-behavior.2.2.14.zip

		"Gecko/2525",		// revisit this in 500 years
See Also: → 932026
Contacted the owner
Whiteboard: [contactready] [lib-badbehavior] [serversniff] → [sitewait] [lib-badbehavior] [serversniff]
Closing as INVALID. New version of Bad Behavior behaves correctly.

> I cannot reproduce this with Bad Behavior 2.2.14. This update, released April 9, 2013, 
> contains a fix for this issue. As you can see, it was released well in advance of Firefox 25.
> 
> The corrected User-Agent blacklist string targets a malicious User-Agent which contains
> "Gecko/2525" which was followed by an obviously false month and day, in the manner in 
> which Mozilla products previously structured this part of the User-Agent. Prior to the 
> change, it would match anything that contained "Gecko/25". This change was made in 
> response to Mozilla's changing of the structure of the User-Agent string.
> 
> The most likely cause is that they did not apply the update to 2.2.14 correctly 
> (or at all). I would recommend that they remove their existing copy and upload a 
> fresh copy.
> 
> If you wish, you may refer the user to Bad Behavior's bug tracker at 
> http://redmine.ioerror.us/projects/bad-behavior
>
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
See Also: → 935657
Blocks: 935657
Product: Tech Evangelism → Web Compatibility
Component: Mobile → Site Reports
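
Added example (not part of the bug report and not Bad Behavior's own code): a regression check that runs a User-Agent blacklist over strings that must never be blocked, so an over-broad entry like the one discussed in this bug is caught before it is deployed. Substring matching, the pre-fix entry "Gecko/25", the function names, and every sample User-Agent other than the reported one are assumptions made for illustration.

```php
<?php
// Added example, not Bad Behavior's code. Substring matching is assumed from
// the reply's wording: "it would match anything that contained Gecko/25".

// Return the blacklist entries that occur anywhere in the User-Agent.
function matching_entries($userAgent, array $blacklist) {
    $hits = array();
    foreach ($blacklist as $needle) {
        if (strpos($userAgent, $needle) !== false) {
            $hits[] = $needle;
        }
    }
    return $hits;
}

// Regression check: run a candidate blacklist over User-Agents that must
// never be blocked and report every entry that would over-block.
function false_positives(array $blacklist, array $knownGood) {
    $report = array();
    foreach ($knownGood as $ua) {
        $hits = matching_entries($ua, $blacklist);
        if ($hits) {
            $report[$ua] = $hits;
        }
    }
    return $report;
}

// Constructed sample data. The first string is the one from the report;
// the others are hypothetical strings with version-style Gecko tokens.
$knownGood = array(
    "Android Mobile Gecko/25",
    "Mozilla/5.0 (Mobile; rv:25.0) Gecko/25.0 Firefox/25.0",
    "Mozilla/5.0 (Android; Mobile; rv:26.0) Gecko/26.0 Firefox/26.0",
);
$before = array("Gecko/25");    // assumed pre-fix entry, per the quoted reply
$after  = array("Gecko/2525");  // entry quoted from blacklist.inc.php 2.2.14

foreach (array("before" => $before, "after" => $after) as $label => $list) {
    $fp = false_positives($list, $knownGood);
    printf("%s: %d of %d known-good User-Agents blocked\n",
           $label, count($fp), count($knownGood));
    foreach ($fp as $ua => $hits) {
        printf("  %s  <-  %s\n", $ua, implode(", ", $hits));
    }
}
```

With these samples the pre-fix entry blocks the two Gecko/25 strings and the corrected entry blocks none of them.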