Can using a custom $_SERVER['HTTP_USER_AGENT'] help website security?
I am using a browser where you can add and use your own $_SERVER['HTTP_USER_AGENT']. I have now added this script on every page of my 'Secure Area'.
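<?php
// Read the User-Agent header; it is sent by the client and may be absent.
$agent = $_SERVER['HTTP_USER_AGENT'] ?? '';
$goodbrowser = 'MyCustomBrowser';
// Refuse the request unless the header contains the expected string.
if (strpos($agent, $goodbrowser) === false): ?>
<h2 class="bd" style="margin-top:200px">You have No Authorisation<br>to access this area</h2>
<?php exit; endif; ?>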
Would this help, or is it easily circumvented? I (and I expect many others) would be interested to hear from web security gurus out there. Much appreciated.
This is a form of security through obscurity, which is generally not a good thing and leads to security holes. Here's a good rule to follow:
Always assume the attacker knows what you know! That means, how the code looks, how your database structure looks, how your file and directory structure looks, everything.
If you want to keep people out of an area, limit based on something truly secure, like a good password after a strong hashing algo, an SSH key, or local access only.
Nothing from the client can be trusted; only measure variables you can control.
If you already have other proper security measures in place (like a strong password, HTTPS, etc.), adding this as an extra obstacle is OK.
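The password-based gate recommended in the answers, shown next to the header check from the question, as an added example that is not part of the original posts. The function names, the demo passphrase and the constructed request array are assumptions; on a real page the session array would be `$_SESSION` after `session_start()`.

```php
<?php
// Added example: gate the secure area on a server-verified password,
// not on a header the client chooses.
declare(strict_types=1);

// The check from the question, as a function. Its only input is request data.
function ua_gate(array $server): bool
{
    return strpos($server['HTTP_USER_AGENT'] ?? '', 'MyCustomBrowser') !== false;
}

// Login step: the server stores only the hash. password_verify() re-derives it
// using the salt and cost embedded in the stored string.
function login(array &$session, string $submitted, string $storedHash): bool
{
    if (!password_verify($submitted, $storedHash)) {
        return false;
    }
    // In a web request, also call session_regenerate_id(true) here.
    $session['authenticated'] = true;
    return true;
}

// Page guard for every page of the secure area: trusts server-side state only.
function require_login(array $session): bool
{
    return ($session['authenticated'] ?? false) === true;
}

// Constructed demo, run from the command line (php example.php).
if (PHP_SAPI === 'cli') {
    // Hypothetical passphrase; the hash would be created once and stored.
    $hash = password_hash('constructed-demo-passphrase', PASSWORD_DEFAULT);
    $session = [];
    // Constructed request whose User-Agent merely contains the expected string.
    $request = ['HTTP_USER_AGENT' => 'SomeOtherClient/1.0 MyCustomBrowser'];

    echo 'ua_gate on header claim:      ', var_export(ua_gate($request), true), PHP_EOL;
    echo 'require_login before login:   ', var_export(require_login($session), true), PHP_EOL;
    echo 'login with wrong passphrase:  ', var_export(login($session, 'wrong guess', $hash), true), PHP_EOL;
    echo 'login with right passphrase:  ', var_export(login($session, 'constructed-demo-passphrase', $hash), true), PHP_EOL;
    echo 'require_login after login:    ', var_export(require_login($session), true), PHP_EOL;
}
```

Serve the login form and the protected pages over HTTPS so the passphrase and session cookie are not sent in clear text.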