mudlet-makers team mailing list archive

Thread
Date

[Bug 1366781] Re: Fake useragent string causing 406 Errors on Apache Servers with default configuration

To: mudlet-makers@xxxxxxxxxxxxxxxxxxx
From: Colin L Crowley <sanaki@xxxxxxxxxxxxxx>
Date: Tue, 19 May 2015 01:16:53 -0000
Reply-to: Bug 1366781 <1366781@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I realize now I only referenced a line number earlier, which is subject
to change (currently appears to be 8593). The line the user agent
definition needs to be added after is:

QNetworkRequest request = QNetworkRequest( QUrl( _url ) );

I have no familiarity with QT myself and limited familiarity with
Mudlet's source, though I could give it a glance if it would help speed
up implementation of a fix. I realize this is a low priority in the
grand scheme of things, but for me personally it's rather significantly
high, so I'm happy to help with it where I can. Without delving into the
source a bit I'm not sure what the syntax to include the version numbers
would be, but the basic line needed would be:

request.setRawHeader("User-Agent", "Mudlet/3.0");

-- 
You received this bug notification because you are a member of Mudlet
Makers, which is subscribed to Mudlet.
https://bugs.launchpad.net/bugs/1366781

Title:
  Fake useragent string causing 406 Errors on Apache Servers with
  default configuration

Status in Mudlet the MUD client:
  New

Bug description:
  From user Sanaki
  On forums {http://forums.mudlet.org/viewtopic.php?f=9&t=4594}:
  > downloadFile error 406 issue
  > 
  > Sat Sep 06, 2014 5:14 am
  > When attempting to download an image using downloadFile from my personal server, it's throwing an error 406 message at me ("Not Acceptable", for those unfamiliar). Fetching the same file from a browser works fine. I grabbed the communication chain with wireshark to see what's going awry, but I can't see anything obviously wrong there. Theoretically error 406 should mean the accept header sent by Mudlet is wrong. Granted, I'm years out of practice when it comes to dealing with apache, TCP, PHP, etc, but even still I'm wondering if someone has insight. I noticed Akaya had the same issue here, which was left unanswered.

  > EDIT: I removed a bit of information here because I've identified
  the issue, but have no simple solution. This is caused by apache
  Mod_Security rule 900095, "Bad UA :: Fake Mozilla Agent". This will be
  an issue on any server using the boilerplate Mod_Security rules, and
  that includes irreparably most shared hosting providers. Mudlet
  identifies itself with the full UA string "Mozilla/5.0". Updating this
  to a more accurate UA would appear to fix the issue, though I'm unsure
  what that would be. Is this something that can't be adjusted for some
  reason?

  ======
  > ... this is http and it's a response to Mudlet using a fake UserAgent string to identify itself. Technically the 406 isn't an error, it's a perfectly rational response to an unknown browser that's blatantly lying about what it is.
  ======
  > I seem to have found the solution, though I have yet to test it. In the source, in TLuaInterpreter.cpp, I believe inserting this line after line 8082 would solve our issue completely:

  >>    request.setRawHeader("User-Agent", "Mudlet 2.1");

  > Now, that UA string can be changed to anything really, as long as
  it's something that -isn't- "Mozilla/5.0", which is what it defaults
  to. Realistically, if there's a variable accessible from there that
  contains the current Mudlet version or such, that would probably be
  best, but if so I have no idea where to find it. Or it could just be
  "Mudlet".

To manage notifications about this bug go to:
https://bugs.launchpad.net/mudlet/+bug/1366781/+subscriptions

References

[Bug 1366781] [NEW] Fake useragent string causing 406 Errors on Apache Servers with default configuration
From: Stephen Lyons, 2014-09-08