Mike pointed me to an interesting bug for the Sansimera Web site.
The request
GET / HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, compress
Host: www.sansimera.gr
User-Agent: Mozilla/5.0 (Android; Mobile; rv:24.0) Gecko/24.0 Firefox/24.0
The response
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Encoding: gzip
Content-Length: 11335
Content-Type: text/html; charset=utf-8
Date: Mon, 28 Oct 2013 22:22:52 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Mon, 28 Oct 2013 22:22:52 GMT
Location: http://m.sansimera.gr/
Pragma: no-cache
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_bwlimited/1.4
Set-Cookie: bb2_screener_=1382998972+65.36.73.92; path=/
Set-Cookie: PHPSESSID=2ae2192272ef05fd104e0921870c3dfd; path=/
Vary: User-Agent,Accept-Encoding
X-Powered-By: PHP/5.3.24
Nothing unusual. OK let's try again.
The request
GET / HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, compress
Host: www.sansimera.gr
User-Agent: Mozilla/5.0 (Android; Mobile; rv:25.0) Gecko/25.0 Firefox/25.0
The response
HTTP/1.1 403 Bad Behavior
Content-Encoding: gzip
Content-Length: 739
Content-Type: text/html; charset=UTF-8
Date: Mon, 28 Oct 2013 22:23:00 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_bwlimited/1.4
Vary: User-Agent,Accept-Encoding
X-Powered-By: PHP/5.3.24
Huh? Did you spot the difference? It's subtle. Really… OK, let me help you. One request has the version number 24 and the other one has the version number 25. Then I thought… hmm OK, the UA detection framework works up to 24, and it doesn't yet have the version number 25 in its database. So let's test with a higher number, 26.
User-Agent: Mozilla/5.0 (Android; Mobile; rv:26.0) Gecko/26.0 Firefox/26.0
The result?
HTTP/1.1 302 Moved Temporarily
Ooops. So what is the pattern?
- Working - "Mozilla/5.0 (Android; Mobile; rv:25.0) Gecko/24.0 Firefox/25.0"
- Working - "Android Mobile Gecko/24.0"
- Working - "Android Mobile Gecko/1"
- Working - "Android Mobile"
- Failing - "Android Mobile Gecko/25"
- Working - "Android Mobile Gecko/26"
- Working - "Android Mobile Gecko/100"
- Failing - "Gecko/25"
- Working - "Gecko/24"
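The by-hand reduction above can be automated with delta debugging. This is an added example, not code from the original post: `stand_in_blocked` is a hypothetical oracle standing in for one request to the site, and its substring rule is only an assumption chosen because it fits the nine results listed above.

```python
# Added example: automates the manual User-Agent reduction from the post.
FULL_UA = "Mozilla/5.0 (Android; Mobile; rv:25.0) Gecko/25.0 Firefox/25.0"

# (user agent, blocked?) pairs exactly as listed in the post.
OBSERVED = [
    ("Mozilla/5.0 (Android; Mobile; rv:25.0) Gecko/24.0 Firefox/25.0", False),
    ("Android Mobile Gecko/24.0", False),
    ("Android Mobile Gecko/1", False),
    ("Android Mobile", False),
    ("Android Mobile Gecko/25", True),
    ("Android Mobile Gecko/26", False),
    ("Android Mobile Gecko/100", False),
    ("Gecko/25", True),
    ("Gecko/24", False),
]

def stand_in_blocked(ua):
    """Hypothetical oracle standing in for one live request.
    Assumption: a plain substring test, the simplest rule that fits
    OBSERVED; the site's actual rule is not shown in the post."""
    return "Gecko/25" in ua

def ddmin(items, fails):
    """Delta debugging: shrink `items` while fails(items) stays True.
    The result is 1-minimal: dropping any single element makes it pass."""
    n = 2
    while len(items) >= 2:
        size = max(1, len(items) // n)
        chunks = [items[i:i + size] for i in range(0, len(items), size)]
        for i, chunk in enumerate(chunks):
            rest = [x for j, c in enumerate(chunks) if j != i for x in c]
            if fails(chunk):      # one chunk alone still triggers the block
                items, n = chunk, 2
                break
            if fails(rest):       # this chunk is irrelevant, drop it
                items, n = rest, max(n - 1, 2)
                break
        else:                     # nothing removable at this granularity
            if n >= len(items):
                break
            n = min(len(items), n * 2)
    return items

def minimal_trigger(ua, blocked=stand_in_blocked):
    """Shortest character subsequence of `ua` that is still blocked."""
    return "".join(ddmin(list(ua), lambda chars: blocked("".join(chars))))

if __name__ == "__main__":
    print(repr(minimal_trigger(FULL_UA)))
```

Against the stand-in oracle the full Firefox 25 string reduces to the same eight characters the manual tests ended on.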
So for the Greek Web sites, as Mike said:
<miketaylr> 25 is cursed, karlcow
Otsukare!