Mike pointed me to an interesting bug for the Sansimera Web site.

The request

GET / HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, compress
Host: www.sansimera.gr
User-Agent: Mozilla/5.0 (Android; Mobile; rv:24.0) Gecko/24.0 Firefox/24.0

The response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Encoding: gzip
Content-Length: 11335
Content-Type: text/html; charset=utf-8
Date: Mon, 28 Oct 2013 22:22:52 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Mon, 28 Oct 2013 22:22:52 GMT
Location: http://m.sansimera.gr/
Pragma: no-cache
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_bwlimited/1.4
Set-Cookie: bb2_screener_=1382998972+65.36.73.92; path=/
Set-Cookie: PHPSESSID=2ae2192272ef05fd104e0921870c3dfd; path=/
Vary: User-Agent,Accept-Encoding
X-Powered-By: PHP/5.3.24

Nothing unusual. OK, let's try again.

The request

GET / HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, compress
Host: www.sansimera.gr
User-Agent: Mozilla/5.0 (Android; Mobile; rv:25.0) Gecko/25.0 Firefox/25.0

The response

HTTP/1.1 403 Bad Behavior
Content-Encoding: gzip
Content-Length: 739
Content-Type: text/html; charset=UTF-8
Date: Mon, 28 Oct 2013 22:23:00 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_bwlimited/1.4
Vary: User-Agent,Accept-Encoding
X-Powered-By: PHP/5.3.24

Huh? Did you spot the difference? It's subtle. Really… OK, let me help you. One request has the version number 24 and the other one has the version number 25. Then I thought: hmm, OK, the UA detection framework works up to 24 and doesn't yet have version number 25 in its database. So let's test with a higher number, 26.

User-Agent: Mozilla/5.0 (Android; Mobile; rv:26.0) Gecko/26.0 Firefox/26.0

The result?

HTTP/1.1 302 Moved Temporarily

Ooops. So what is the pattern?

Working - "Mozilla/5.0 (Android; Mobile; rv:25.0) Gecko/24.0 Firefox/25.0"
Working - "Android Mobile Gecko/24.0"
Working - "Android Mobile Gecko/1"
Working - "Android Mobile"
Failing - "Android Mobile Gecko/25"
Working - "Android Mobile Gecko/26"
Working - "Android Mobile Gecko/100"
Failing - "Gecko/25"
Working - "Gecko/24"
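Added example, not code from the post: a small Python harness that does the same User-Agent bisection mechanically, sweeping Firefox-for-Android versions and then testing each token of a refused UA on its own. `http_status` is a live fetch; `fake_status` is a stand-in constructed from the table above (it refuses any UA carrying the literal token Gecko/25) and is not the site's real filter rule; all function names are mine.

```python
"""UA bisection harness. fake_status is fitted to the post's observations
and is NOT the site's real rule; swap in http_status to probe a live host."""
import re
import urllib.error
import urllib.request

SITE = "http://www.sansimera.gr/"
FIREFOX_MOBILE = "Mozilla/5.0 (Android; Mobile; rv:{v}.0) Gecko/{v}.0 Firefox/{v}.0"


def http_status(url, user_agent):
    """Live fetch: HTTP status for url with this UA. A 403 surfaces as
    HTTPError; redirects are followed, so the post's 302 case reads 200 here."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def fake_status(url, user_agent):
    """Constructed stand-in: any UA containing the token Gecko/25 (also
    Gecko/25.0) gets 403, everything else the 302 to the mobile site."""
    return 403 if re.search(r"Gecko/25\b", user_agent) else 302


def sweep_versions(fetch, url, versions):
    """Status per Firefox-for-Android version, e.g. {24: 302, 25: 403}."""
    return {v: fetch(url, FIREFOX_MOBILE.format(v=v)) for v in versions}


def blocking_tokens(fetch, url, user_agent):
    """Whitespace-separated tokens of a refused UA that are refused alone:
    the post's reduction from the full string down to 'Gecko/25'."""
    return [tok for tok in user_agent.split() if fetch(url, tok) == 403]


if __name__ == "__main__":
    fetch = fake_status  # use http_status for a live run
    print(sweep_versions(fetch, SITE, [24, 25, 26, 100]))
    print(blocking_tokens(fetch, SITE, FIREFOX_MOBILE.format(v=25)))
```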

So for the Greek Web sites, as Mike said: <miketaylr> 25 is cursed, karlcow.

Otsukare!