Paulo Morgado

.NET Development & Architecture

Recent Articles

view all

Events

Projects

Recent Readers

Visitor Locations

Visitor Locations

Disclaimer

The opinions and viewpoints expressed in this site are mine and do not necessarily reflect those of Microsoft, my employer or any community that I belong to. Any code or opinions are offered as is. Products or services mentioned are purchased by me, made available to me by my employer or the manufacturer/vendor which doesn't influence my opinion in any way.

The Problem Of Long Web Browser User-Agent Strings

Every web browser sends, on every request, a user-agent request HTTP header to the server.

If you are curious about how Internet Explorer’s user-agent string is form, read this article.

This information is used by server software to identify the web browser the user is using and its capabilities and determine if it’s enough for use in this web site or to perform differentiate rendering.

In the past there have been several reports of user-agent string buffer overrun attacks and some web servers and firewalls have chosen to block access to requests that have a user-agent string over some length.

The problem that arrives now is that, due to other software installed in the user’s system, the user-agent string has been growing past the limit allowed by some web servers and firewalls.

As an example, my web browser’s user-agent string, at this moment, is:

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30618; Zune 3.0; OfficeLiveConnector.1.3; OfficeLivePatch.1.3; MS-RTC LM 8; SPC 3.1 P1 Ta)

With a user-agent string like this (275 characters long) I’ve been locked out of sever sites.

Posted: Jan 12 2009, 12:18 AM by Paulo Morgado | with 3 comment(s)
Filed under: ,

Comments

Paulo Morgado said:

Other web applications from several service providers are starting to see trouble as well.  Many support user agent strings with an upper limit of 240-260 characters (most being at 255 or 256).  

When the user agent is longer, an exception is thrown and the application fails.  Most service providers aren't aware of this issue; others are realizing just now that there is a problem.

Some software "registers" itself into the user agent string upon installation by adding an entry to this Registry key:  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform.  This includes ALL .NET installations and service packs.  The latest service pack from January 2009 has sent many browsers "over the edge."

# February 3, 2009 5:31 PM

Los Excesos, Pueden Causar Problemas: Muchas Barras de Herramientas en IE « Angel Reyes’s Weblog said:

Pingback from  Los Excesos, Pueden Causar Problemas: Muchas Barras de Herramientas en IE « Angel Reyes’s Weblog

# September 30, 2010 2:11 PM

Los Excesos, Pueden Causar Problemas: Muchas Barras de Herramientas en IE | Ready2Fill said:

Pingback from  Los Excesos, Pueden Causar Problemas: Muchas Barras de Herramientas en IE | Ready2Fill

# September 30, 2010 3:01 PM
Leave a Comment

(required) 

(required) 

(optional)

(required)