javascript - Ways to check if the browser is authentic?

I was thinking of setting up some kind of mechanism to avoid wget/cURL/etc to download, then again wget/curl can put a fake user agent so my question is more like if someone can confirm this will work

For example, the user want to download a file, at the content disposition URL I can make javascript checks (silly stuff, like send some hash using JS, return it to me then we'll see if you are an authentic browser)

If that have some cons it'll be great to know other methods

2 Answers

  1. Lorin- Reply


    You'll have a really hard time with this (if it's even possible, which I don't believe it is).

    At the end of the day, the browser has to interpret your url and perform a file download. At this point, it's a standard HTTP request, which anything like wget/curl can replicate.

  2. Luke- Reply


    You should use The EFF's Panopticlick project which fingerprints the http client. This fingerprint can be compared against known web browsers. This project also takes JavaScript and Flash into consideration.

Leave a Reply

Your email address will not be published. Required fields are marked *

You can use these HTML tags and attributes <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>