search cancel

Block Older Version Browser | Google Chrome | Firefox | Edge using VPM and regex

book

Article ID: 225279

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

For security reasons you want to block older versions of Google Chrome , Firefox and Edge with proxy.

 

Resolution

In this approach, we will block all browsers and only allow certain versions.

Start by creating a new web access layer and give a recognizable name to it.

First, create allow rules for the version we need to allow. 

1. Allow Firefox 91 
-- For Source -Set New Request Header 
-Name : Allow Firefox 91 
- Header name: User-Agent
- Header Regex: Firefox\/(91)  
-- Action : Allow.

2. Allow Chrome 91 to 93 
-- For Source -Set New Request Header 
-Name : Allow Chrome 91 to 93
- Header name: User-Agent
- Header Regex: Chrome\/(9[1-3])  
-- Action : Allow.

3. Allow Egd 93 to 95 
-- For Source -Set New Request Header 
-Name : Allow Egd 93 to 95 
- Header name: User-Agent
- Header Regex: Edg\/(9[3-5])  
-- Action : Allow.

They would look something like this.

Next, create a combined object to block all versions of Chrome Firebox and Edge 

Name BlockAllBrowsers

Next Add -New UserAgent Object and check Chrome (all) , Firebox (all) , MS Edge (all)

<>


As Edge uses different sting to identify that what we have a proxy,  we need to add it separately.

For that add a new Request header Object > Use header name "User-Agent" and add below header regex.

^Mozilla/\d+\.0 \(Windows (Phone|NT).*\) AppleWebKit.*Chrome.*Safari.*Edg/\d+.*

As we want to limit the test to a few users so Add AND condition for client IP.

Place this combined object below all the allowed rules.

Next created object to return Exceptions, we need mark ( Force exception ) so other web access layer would work as designed. 

We can create custom block page which perhaps can use for directing user to Help Desk to upgrade browsers.

Important note : As new version of these browsers are released you will need update your allow list. To avoid blocking of newest version ,  have one version advance (Current + 1 ) in allowed list.

Attachments