0

I'm trying to block all the PC, laptops and send them to a blank page or any page that I set it up for a PCs site.

I just have a mobile version website and I only want to allow iOS such as iPad, iPod and iPhone to visit my website and block the rest for my security purpose

I'm trying to search in here and google I think I'm using some kind of wrong term or maybe something that I don't know exactly but I see many website does that.

Thanks

Ali
  • 9,997
  • 20
  • 70
  • 105

3 Answers3

4

I would just scan the user-agent. Find the ones that you will accept and then redirect the rest to a non-blank sorry page. A blank page would not be very nice, so a simple sorry would do. I say this because maybe the user has a mobile device to use, but happens to be on a pc. A blank page would make them think that the site is junk or doesn't work and you might lose their mobile traffic also.

hivie7510
  • 1,246
  • 10
  • 23
  • so I believe this would have something to do with .htaccess? – Ali Jun 05 '11 at 14:13
  • wow .htaccess, I haven't thought about that in a long time. I am not sure if you can you that file for this. I believe that this file is purely for security. What is your application built on or is it straight html? It if it html, then I would add jquery/javascript to detect the browser on load and show a particular message to the user. You won't be able to block them from the server without writing something custom that preprocesses requests before it gets to your page. – hivie7510 Jun 05 '11 at 14:16
  • I'm using .php for all my files I found some solution they use php script to block or redirect most of the user agent is that the better way? – Ali Jun 05 '11 at 14:22
  • Yes, if it has the desired behavior. I would really recommend not sending a blank page though, it is a really bad user experience and can alienate your potential users. Good luck and thanks. – hivie7510 Jun 05 '11 at 14:24
  • You know, now that I think about it, you would have to put that script on each page. The best way would probably to create(find) a plugin for apache or the server that you are using that does this for you. That way you only need to put the logic, script in one place and it works for everywhere. Will save you time and headache in the long run. But use what works in the short term. – hivie7510 Jun 05 '11 at 14:26
  • Yes of course I wouldn't give them a blank page but at least to notify them that is only work in mobile version and also to help me prevent from most of the thief for stealing my code even tho they still able to do in mobile but if they hadn't thought of it :) – Ali Jun 05 '11 at 14:26
  • Thats cool, do you plan on doing a pc based page? Or is this strictly for mobiles? – hivie7510 Jun 05 '11 at 14:29
  • Well not at the moment because I'm currently working alone on this project but for sure in the near future I will develop a compatible for a pc based site. – Ali Jun 05 '11 at 15:30
  • You really don't want to rely on this for security, as it is *very* easy to spoof User-Agent strings, more so on desktop browsers. – spacehunt Jun 05 '11 at 15:34
  • I didn't delve into it, but the only code that can be found is the markup,css, and javascript which is publicly accessible in the page anyway. If you are talking about the php, then the intruder would have to hack anyway. In that case, it doesn't matter whether they use username/password, because if they want in they will get in. Unless you use some higher order security mechanism. You need to ask the question, what assets are trying to protect only then can you start to plan a risk mitigation plan. – hivie7510 Jun 05 '11 at 15:41
1

block the rest for my security purpose

How secure does this need to be? You shouldn't trust the client to always tell you the truth about what they are.

I suggest you use some other mechanism to ensure security, for example username/password.

spacehunt
  • 803
  • 5
  • 8
  • it just a text of php and html and code that I don't want those pc thief to come and steal my code because those mobile not easy to get the code but they still can do if they want – Ali Jun 05 '11 at 16:07
  • In that case, have your PHP script check the User-Agent string and send a redirect when desired, just keep in mind that it is not secure. Most sites that do this do it for the users' convenience, not as a security mechanism. – spacehunt Jun 05 '11 at 16:14
  • well at least I just redirect those PCs to another page so that they will not really have access (even tho there still have the way around) but I'm trying to look which PHP script does that because most of the site I looked for they use different method. – Ali Jun 05 '11 at 17:29
  • [This](http://stackoverflow.com/questions/6127494/check-string-and-user-agent) and [this](http://stackoverflow.com/questions/2112373/php-page-redirect) might help? – spacehunt Jun 05 '11 at 17:37
0

I used MobileESP to detect when someone using a smartphone connects to my website. This uses PHP, and has some functions to make it pretty simple. I'm sure you can accomplish it with the above methods, but in case this would be of some help...

http://blog.mobileesp.com/

Radley Sustaire
  • 3,382
  • 9
  • 37
  • 48