The Problem Of Long Web Browser User-Agent Strings

Every web browser sends, on every request, a user-agent request HTTP header to the server.

If you are curious about how Internet Explorer’s user-agent string is formed, read this article.

Server software uses this information to identify the user’s web browser and its capabilities, and to decide whether the browser is adequate for the web site or whether to render the page differently for it.

In the past there have been several reports of user-agent string buffer overrun attacks, and some web servers and firewalls have chosen to block requests that have a user-agent string over some length.

The problem that arises now is that, due to other software installed on the user’s system, the user-agent string has been growing past the limit allowed by some web servers and firewalls.

As an example, my web browser’s user-agent string, at this moment, is:

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30618; Zune 3.0; OfficeLiveConnector.1.3; OfficeLivePatch.1.3; MS-RTC LM 8; SPC 3.1 P1 Ta)

With a user-agent string like this (275 characters long), I’ve been locked out of several sites.
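One way a server or firewall operator could review long user-agent values in logs instead of rejecting them on length alone, as an added example that is not part of the original post. The 256-character limit, the 64-character per-token bound, the function name and the verdict labels are assumptions chosen for illustration.

```python
import re

# User-agent string copied from the post above.
POST_UA = ("Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; "
           "Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; "
           "InfoPath.2; .NET CLR 3.5.21022; .NET CLR 3.5.30729; "
           ".NET CLR 3.0.30618; Zune 3.0; OfficeLiveConnector.1.3; "
           "OfficeLivePatch.1.3; MS-RTC LM 8; SPC 3.1 P1 Ta)")
# Constructed sample: same browser prefix, one oversized filler token.
PADDED_UA = "Mozilla/4.0 (compatible; MSIE 7.0; " + "A" * 300 + ")"

MAX_HEADER_LEN = 256  # assumed filter limit, for illustration only
MAX_TOKEN_LEN = 64    # assumed per-token bound, for illustration only

# "product (token; token; ...)" with no nested parentheses.
UA_SHAPE = re.compile(r"^(?P<product>[^\s()]+) \((?P<comment>[^()]*)\)$")


def triage_user_agent(ua, max_len=MAX_HEADER_LEN, max_token=MAX_TOKEN_LEN):
    """Classify one User-Agent value for log review."""
    report = {"length": len(ua), "over_by": max(0, len(ua) - max_len),
              "tokens": [], "verdict": "ok"}
    if report["over_by"] == 0:
        return report  # within the limit, nothing to review
    match = UA_SHAPE.match(ua)
    printable = all(0x20 <= ord(ch) < 0x7F for ch in ua)
    if match is None or not printable:
        report["verdict"] = "suspicious"  # long and not a plain token list
        return report
    tokens = [t.strip() for t in match.group("comment").split(";")]
    # Longest first, so the add-ons that inflate the header are easy to see.
    report["tokens"] = sorted(tokens, key=len, reverse=True)
    if any(len(t) > max_token for t in tokens):
        report["verdict"] = "suspicious"  # one oversized field
    else:
        report["verdict"] = "long-wellformed"  # many short add-on tokens
    return report


if __name__ == "__main__":
    for name, ua in (("post", POST_UA), ("padded", PADDED_UA)):
        r = triage_user_agent(ua)
        print(name, r["length"], r["over_by"], r["verdict"], r["tokens"][:3])
```

The verdict only sorts log entries for review; bounded handling of the header in the server itself is still what prevents an overrun.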

3 Responses to The Problem Of Long Web Browser User-Agent Strings

  • Scott says:

    Hi Paulo,

    I too have noticed this issue and have been researching it. Can you provide any specific examples of the sites you mention (that you have been locked out of)?

    Thanks!

    Scott

  • paulo says:

    Hi Scott,

    HappyTweets.Com is one that’s still blocked by its hoster (webhost4life.com).

    Also the F5 Networks VPN portal only supports 260 characters per HTTP header.

  • john1341 says:

    I seem to have the same issue with Netflix in Media Center.