.htaccess user agents and website security
I have been looking around and trying to work out the best way to protect a few websites of mine.
Apart from the obvious manual monitoring of the site logs and banning extreme/suspicious activity, I have seen many posts etc. about banning user agents. Is this a good route to go down? And would it be a better idea to, instead of banning known bad user agents, just allow the common mainstream ones such as IE, Firefox, Safari and Chrome?
http://www.javascriptkit.com/howto/htaccess13.shtml
Not worth it.
The User Agent is sent by the client, and is trivial to forge. There’s a Firefox add-on that adds alternate UA options to the menu, for example. If the attacker is writing a script, he can specify whatever UA he wants.
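An added example (not part of the original answer) of the point above: over constructed Apache combined-format log lines, a browser-only User-Agent allowlist stops only the client that reports its real UA, while a per-IP request-rate check, in the spirit of the log monitoring the question mentions, catches the scripted client that sends a copied browser UA. The allowlist regex, the threshold of 5 requests per minute, and all IPs and log lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Apache "combined" log format: ip, timestamp, request, status, User-Agent.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Stand-in for the allowlist idea in the question: IE, Firefox, Safari, Chrome.
ALLOWED_UA = re.compile(r"MSIE|Firefox|Safari|Chrome")

def parse(lines):
    """Return one dict per line that matches the combined log format."""
    return [m.groupdict() for m in map(LOG_RE.match, lines) if m]

def ua_allowlist_blocked(entries):
    """IPs a browser-only User-Agent allowlist would reject."""
    return {e["ip"] for e in entries if not ALLOWED_UA.search(e["ua"])}

def rate_flagged(entries, limit):
    """IPs with more than `limit` requests inside any single minute."""
    per_minute = Counter((e["ip"], e["ts"][:17]) for e in entries)
    return {ip for (ip, _minute), n in per_minute.items() if n > limit}

def line(ip, hms, req, status, ua):
    """Build one constructed combined-format log line."""
    return f'{ip} - - [10/Oct/2023:{hms} +0000] "{req}" {status} 512 "-" "{ua}"'

FIREFOX = "Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/118.0"
CHROME = ("Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 "
          "(KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36")

# Constructed sample traffic (documentation IP ranges, not real logs).
SAMPLE_LOG = [
    line("203.0.113.5", "13:55:01", "GET / HTTP/1.1", 200, FIREFOX),
    line("203.0.113.5", "13:55:09", "GET /about HTTP/1.1", 200, FIREFOX),
    # A tool that reports its real User-Agent: the only client the allowlist stops.
    line("192.0.2.44", "13:55:12", "GET / HTTP/1.1", 200, "curl/8.1.2"),
] + [
    # A scripted client sending a copied browser User-Agent, six requests in a minute.
    line("198.51.100.7", f"13:56:{s:02d}", "POST /login HTTP/1.1", 401, CHROME)
    for s in range(0, 12, 2)
]

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    print("UA allowlist rejects:", ua_allowlist_blocked(entries))
    print("Rate check flags:   ", rate_flagged(entries, limit=5))
```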
1 Comment

I heard SSL certificates are good for website security.