I'm trying to setup a whitelist of browsers allowed to visit a static website hosted by a nginx server.
I found in the documentation a reference to modern_browser directive.
It seems interesting but I still have some questions : - How can I detect Chrome browser ? (let's say I want to detect Chrome 60 and Safari 11) - How can I know if It's a mobile Chrome or Safari ?
The modern_browser* directives are not just horribly outdated for today's practical purposes, they are no longer necessary today. You can just match the now-relevant browsers in a regex map.
Assuming you are doing this right now:
modern_browser_value "modern.";
ancient_browser_value "unpatched.";
modern_browser gecko 60;
index index.${modern_browser}html index.${ancient_browser}html index.html;
The following accomplishes similar matching, but allows more fine-grained control:
map $http_user_agent $browser_prefix {
"~Mozilla/5.0 \(.+ rv:[6789][0-9]\.[0-9.]*\).* Firefox/[0-9.]*$" "modern."
"~Mozilla/5.0 \(Android" "unpatched.";
default "unpatched.";
}
index index.${browser_prefix}html index.html;
You can use the resulting $variable the same way, including outright access denial like
if ($browser_prefix = "unpatched.") {return 403;}
Because your question mentions whitelisting, here is a list of reasons people use browser-detection when they should not be doing that:
