Authentication based on User-Agent

In an authentication rule, a Request header User-Agent value can be used to determine if user authentication will be performed. This is useful when you want to authenticate users using a known set of client applications, usually browsers, and allow other applications, often a set of applications that don’t support authentication, to proceed without authentication. Such rules can also specify IP addresses and, if Content Gateway is an explicit proxy, inbound proxy port.

As with all authentication rules, the first matching rule is applied. (For a complete description of rule-based authentication, see Rule-Based Authentication.)

When the User-Agent field is used, the critical element is the regular expression (regex) that preforms the match.

  • The regex must be POSIX-compliant.

    The “^” regex operator is not supported.

  • Predefined regexes are provided for the most common browsers.
  • When the field is empty, all User-Agent values match.
  • You can create a custom regex by directly editing the field.
  • Multiple regexes are allowed. They must be separated by a “|” (‘or’ operator).

When you click Apply (after Add or Set), the regex is parsed and validated. If the regex is not valid, the rule is deleted and must be recreated with a valid regex.

Following are a few examples of custom regexes. Microsoft Internet Explorer 7, 8, or 9:

MSIE ([7-9]{1}[\.0-9]{0})

Example User-Agent string:

Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Microsoft Edge

Edge ([1]{1}[\.0-9]{0})

Example User-Agent string:

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/

537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/

537.36 Edge/13.10586

Microsoft Internet Explorer Mobile, all versions:

IEMobile

Example User-Agent string:

Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0)

Apple iPhone, all versions:

(iPhone) OS (\d+)_(\d+)(?:_(\d+))?

Example User-Agent string:

Mozilla/5.0 (iPod; U; CPU iPhone OS 4_3_3 like Mac OS X; ja-jp) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/

5.0.2 Mobile/8J2 Safari/6533.18.5

Apple iPad, all versions:

(iPad).+ OS (\d+)_(\d+)(?:_(\d+))?

Example User-Agent string:

Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/

536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25

Search the Internet for lists of User-Agent strings, example regular expressions, regex checkers, and related resources.