3

I am working on an application, and there is a page that I only want it to be available for users accessing from iphone devices..

As we know, user can change the user-agent from the client side or through the browser emulator, so I wanna know if there is a way to prevent it please?

Note: I managed to prevent that after user login to my website by keeping the browser user-agent in the session at the time of login.. so even if the user changes the user-agent after that, I will only consider the previous user-agent I saved in the session at the time of the login

However, what might not work is what if the user changes the user-agent to 'iphone' using emulator before calling my website and creating the session..

Can u help me with that please? Thanks,

Zakaria Acharki
  • 66,747
  • 15
  • 75
  • 101
J-Coder
  • 61
  • 5

6 Answers6

3

There is no reliable way to verify a client's User-Agent. At best, you might be able to make inferences using other information about their browser, e.g. if they say they are an iPhone, but they have a 1920x1080 screen/browser window, something isnt right. But I would not recommend this.

wweber
  • 173
  • 7
  • 2
    utterly pointless anyways. detecting such things would require javascript, which is under the user's control anyways. if they're going to go so far as to hack the UA to barge into a site, nothing's going to stop them from hacking the JS detection code to just say "yep, this is an iphone" – Marc B Dec 24 '15 at 16:04
2

Simple answer - you can't.

However, you can detect that the user is browsing on a mobile device using CSS media queries which you could use to show/hide a warning saying that the page is only available to mobile devices.

This still won't stop people spoofing the user agent though, and there is nothing you can do about that.

Rory McCrossan
  • 331,213
  • 40
  • 305
  • 339
0

A trick that could work, is to check navigator.platform. See this post

But if someone really wants to see this page without an iPhone, Javascript is not secure.

Community
  • 1
  • 1
FelixSFD
  • 6,052
  • 10
  • 43
  • 117
  • You should however be aware that this property has been deprecated, https://developer.mozilla.org/en-US/docs/Web/API/NavigatorID/platform – Rory McCrossan Dec 24 '15 at 16:11
0

Note, untested at iPhone, though returns expected results filtering Webkit, Moz , Ms prefixes in browsers Use Jquery to detect IE, then redirect , How to target only one browser?

Try checking for -apple prefix in document.body.style

if ("AppleUserSelect" in document.body.style) {
  // do stuff
}

See Vendor-prefixed CSS Property Overview

Community
  • 1
  • 1
guest271314
  • 1
  • 15
  • 104
  • 177
0

You could detect which browser is used by detecting browser specific features, like some proprietary Javascript functions.

Also, search for "browser fingerprint" on Google, it might help you.

Eric Citaire
  • 4,355
  • 1
  • 29
  • 49
0

Thank you all for the answer. To be in the save side, I'll put in my mind that if someone intends to access the page, can sniff and change the user-agent..

J-Coder
  • 61
  • 5