PacketFence - BTS - PacketFence
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0000790PacketFencepublic2009-08-31 17:492011-01-26 15:43
Reporterobilodeau 
Assigned Toobilodeau 
PrioritynormalSeverityminorReproducibilityN/A
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version 
fixed in git revision
fixed in mtn revision
Summary0000790: block popular non-human UserAgents
DescriptionSince 1.8.4 packetfence edit a node with the useragent each time the portal is hit. This allow to enforce browser restriction policies and also device banning policies.

But, sometimes a lot of noise is generated by non-human initiated connection (software updates, stuff phoning home, etc.). This is increasing the server's load (pfcmd fork) and replacing the node's browser with something else that is not really relevant.

I think the best approach to circumvent this problem is to redirect known non-human useragents to an access denied page.

http://httpd.apache.org/docs/2.2/misc/rewriteguide.html#access [^]
Steps To Reproduce
Additional Information
TagsNo tags attached.
Relationships
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2009-08-31 17:49obilodeauNew Issue
2009-08-31 17:49obilodeauStatusnew => assigned
2009-08-31 17:49obilodeauAssigned To => obilodeau
2009-08-31 18:39obilodeauNote Added: 0001303
2009-08-31 18:39obilodeauNote Added: 0001304
2009-09-01 11:48obilodeauNote Added: 0001305
2009-09-11 18:18obilodeauNote Added: 0001312
2009-09-11 18:18obilodeauStatusassigned => resolved
2009-09-11 18:18obilodeauResolutionopen => fixed
2011-01-26 15:43obilodeauStatusresolved => closed

Notes
(0001303)
obilodeau   
2009-08-31 18:39   
I added the following lines in conf/templates/httpd.conf.apache22 and conf/templates/httpd.conf.pre_apache22 at the top of rewriting rules:

  # Some UserAgents we don't want to mess with
  RewriteCond %{HTTP_USER_AGENT} ^Microsoft-CryptoAPI.* [OR]
  RewriteCond %{HTTP_USER_AGENT} ^Windows-Update-Agent.*
  RewriteRule ^.*$ - [L,forbidden]
(0001304)
obilodeau   
2009-08-31 18:39   
Tested in lab and it seems to do it.
(0001305)
obilodeau   
2009-09-01 11:48   
added WinHttp-Autoproxy-Service after some research
  # Some UserAgents we don't want to mess with
  RewriteCond %{HTTP_USER_AGENT} ^Microsoft-CryptoAPI.* [OR]
  RewriteCond %{HTTP_USER_AGENT} ^Windows-Update-Agent.* [OR]
  RewriteCond %{HTTP_USER_AGENT} ^WinHttp-Autoproxy-Service.*
  RewriteRule ^.*$ - [L,forbidden]
(0001312)
obilodeau   
2009-09-11 18:18   
Fixed in mtn revision 208766cb0490cd539ee723a2a8889202903613c2