Closed Bug 932498 Opened 11 years ago Closed 11 years ago

bad-behavior framework blocks Gecko/25 User-Agent string

Categories

(Web Compatibility :: Site Reports, defect)

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: karlcow, Unassigned)

Details

(Whiteboard: [sitewait] [lib-badbehavior] [serversniff])

When Firefox OS/Firefox Android contains Gecko/25, the framework bad-behavior blocks the user agent string with a 403.

GET / HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, compress
Host: www.sansimera.gr
User-Agent: Android Mobile Gecko/25

HTTP/1.1 403 Bad Behavior
Content-Encoding: gzip
Content-Length: 740
Content-Type: text/html; charset=UTF-8
Date: Tue, 29 Oct 2013 21:15:26 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_bwlimited/1.4
Vary: User-Agent,Accept-Encoding
X-Powered-By: PHP/5.3.24

Any string which is of the form "Gecko/25.*" is being blocked. Gecko/252, Gecko/2525, etc. even Gecko/25a

In the source code of the framework, we can see in the file blacklist.inc.php, line 86 of the version 2.2.14
http://downloads.wordpress.org/plugin/bad-behavior.2.2.14.zip

"Gecko/2525", // revisit this in 500 years
See Also: → 932026
Contacted the owner
Whiteboard: [contactready] [lib-badbehavior] [serversniff] → [sitewait] [lib-badbehavior] [serversniff]
Closing as INVALID. New version of Bad Behavior behaves correctly.

> I cannot reproduce this with Bad Behavior 2.2.14. This update, released April 9, 2013,
> contains a fix for this issue. As you can see, it was released well in advance of Firefox 25.
>
> The corrected User-Agent blacklist string targets a malicious User-Agent which contains
> "Gecko/2525" which was followed by an obviously false month and day, in the manner in
> which Mozilla products previously structured this part of the User-Agent. Prior to the
> change, it would match anything that contained "Gecko/25". This change was made in
> response to Mozilla's changing of the structure of the User-Agent string.
>
> The most likely cause is that they did not apply the update to 2.2.14 correctly
> (or at all). I would recommend that they remove their existing copy and upload a
> fresh copy.
>
> If you wish, you may refer the user to Bad Behavior's bug tracker at
> http://redmine.ioerror.us/projects/bad-behavior
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
See Also: → 935657
Blocks: 935657
Product: Tech Evangelism → Web Compatibility
Component: Mobile → Site Reports
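
The substring collision discussed in this bug, as an added example that is not part of the original report and is not Bad Behavior's code: it checks a blacklist entry against the Gecko tokens that versioned mobile Firefox User-Agents carry and lists the release versions it would reject. It assumes an entry blocks whenever it appears anywhere in the User-Agent as a case-sensitive substring; the function names and the spoofed sample string are constructed for illustration.

```python
# Added example, not Bad Behavior's code. Assumption: an entry blocks a request
# when it occurs anywhere in the User-Agent as a case-sensitive substring.

OLD_ENTRY = "Gecko/25"    # matching behaviour the thread describes before the fix
NEW_ENTRY = "Gecko/2525"  # entry quoted from blacklist.inc.php in 2.2.14

REPORTED_UA = "Android Mobile Gecko/25"  # User-Agent from the reporter's request
# Constructed sample of the targeted pattern: "Gecko/2525" plus a false month/day.
SPOOFED_UA = "Mozilla/5.0 (Windows NT 5.1; rv:1.9) Gecko/25250101 Firefox/3.0"


def blocked_by(user_agent, blacklist):
    """Return the first blacklist entry contained in user_agent, or None."""
    for entry in blacklist:
        if entry in user_agent:
            return entry
    return None


def mobile_firefox_ua(version):
    """Firefox for Android UA, whose Gecko token carries the release version."""
    return (f"Mozilla/5.0 (Android; Mobile; rv:{version}.0) "
            f"Gecko/{version}.0 Firefox/{version}.0")


def colliding_versions(entry, max_version):
    """Release versions whose legitimate mobile UA the entry would reject."""
    return [v for v in range(1, max_version + 1)
            if blocked_by(mobile_firefox_ua(v), [entry]) is not None]


if __name__ == "__main__":
    for entry in (OLD_ENTRY, NEW_ENTRY):
        print(entry, "blocks reported UA:", blocked_by(REPORTED_UA, [entry]) is not None)
        print(entry, "blocks spoofed UA:", blocked_by(SPOOFED_UA, [entry]) is not None)
        print(entry, "collides with versions:", colliding_versions(entry, 3000))
```

Running the same check over a list of real browser User-Agents before deploying a blacklist update catches this kind of false positive without waiting for a 403 report from the field.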