Redirect outdated and insecure browsers using Apache
I have absolutely no desire to support old and shitty browsers. And, I want people with modern browsers to view over SSL/TLS.
But, when someone with an old and shitty browser views my website they don’t really have a good experience. And, older browsers and operating systems tend to not support TLS SNI, which is a technology used to allow multiple certificates to be presented by a web server, and is utilised by Let’s Encrypt.
With Apache, you can use mod_rewrite to force users to https, and punt scumbags away to a browser upgrade page. However, old browsers may not support the SSL ciphers or technologies in use, so don’t forget to allow the directory which your upgrade spiel lives in to remain insecure (reachable over plain HTTP).
In your httpd.conf, or whatever configuration file holds your virtual hosts:
<VirtualHost *:80>
    # ...
    RewriteEngine On
    # redirect old browsers
    RewriteCond %{HTTP_USER_AGENT} "MSIE [1-8]" [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} "Navigator/" [NC,OR]
    # last User-Agent test carries no OR, so the exemptions below are ANDed with the group
    RewriteCond %{HTTP_USER_AGENT} "Mozilla/4.5 \(" [NC]
    # .. unless they request /ga or /global_assets subdirectory
    RewriteCond %{REQUEST_URI} !^/ga/
    RewriteCond %{REQUEST_URI} !^/global_assets/
    RewriteRule ^ http://adamroe.me/ga/upgrade/ [L,R=302]
    # is SSL off?
    RewriteCond %{HTTPS} off
    RewriteCond %{REQUEST_URI} !^/ga/
    RewriteCond %{REQUEST_URI} !^/global_assets/
    # redirect to https, unless /ga/ or /global_assets/ is requested
    RewriteRule ^ https://adamroe.me%{REQUEST_URI} [L,R=301]
</VirtualHost>
<VirtualHost *:443>
    # ...
    RewriteEngine On
    # client sent no SNI hostname: send it to the plain-HTTP notice
    RewriteCond %{SSL:SSL_TLS_SNI} =""
    RewriteRule ^ http://adamroe.me/ga/upgrade/nossl [L,R=302]
    # redirect old browsers, unless they request /ga/ or /global_assets/
    RewriteCond %{HTTPS} on
    RewriteCond %{HTTP_USER_AGENT} "MSIE [1-8]" [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} "Navigator/" [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} "Mozilla/4.5 \(" [NC]
    RewriteCond %{REQUEST_URI} !^/ga/
    RewriteCond %{REQUEST_URI} !^/global_assets/
    RewriteRule ^ http://adamroe.me/ga/upgrade/ [L,R=302]
</VirtualHost>
What does it look like? Semi-graceful, actually.
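An added example, not part of the original post: a small Python model of how mod_rewrite chains the RewriteCond lines of the port-80 upgrade rule. It compares a variant where the last User-Agent line also carries `[OR]` and the exemptions are written `^/ga*` with one where the OR chain ends on that line and the exemptions are `^/ga/`. The names `LOOSE`, `STRICT`, `cond_matches` and `rule_fires` are hypothetical, and the User-Agent strings are constructed samples.

```python
import re

# (variable, CondPattern, flags): leading "!" negates, NC = ignore case,
# OR = chain with the next line. Both lists model the port-80 upgrade rule.
UA_TESTS = [("UA", r"MSIE [1-8]", {"NC", "OR"}), ("UA", r"Navigator/", {"NC", "OR"})]
LOOSE = UA_TESTS + [                       # [OR] on the last UA line, ^/ga* exemptions
    ("UA", r"Mozilla/4.5 \(", {"NC", "OR"}),
    ("URI", r"!^/ga*", set()),
    ("URI", r"!^/global_assets*", set()),
]
STRICT = UA_TESTS + [                      # OR chain ends on the last UA line
    ("UA", r"Mozilla/4.5 \(", {"NC"}),
    ("URI", r"!^/ga/", set()),
    ("URI", r"!^/global_assets/", set()),
]

# Constructed sample User-Agent strings.
MODERN = "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0"
IE8 = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"

def cond_matches(cond, env):
    """Evaluate one RewriteCond against env = {"UA": ..., "URI": ...}."""
    var, pattern, flags = cond
    negate = pattern.startswith("!")
    regex = pattern[1:] if negate else pattern
    hit = re.search(regex, env[var], re.I if "NC" in flags else 0) is not None
    return hit != negate

def rule_fires(conds, env):
    """AND by default; a true [OR] line skips the rest of its OR chain,
    including the unflagged line that ends the chain."""
    i = 0
    while i < len(conds):
        ok = cond_matches(conds[i], env)
        if "OR" in conds[i][2]:
            if ok:
                while i < len(conds) and "OR" in conds[i][2]:
                    i += 1          # lands on the chain's last line, skipped below
        elif not ok:
            return False
        i += 1
    return True

if __name__ == "__main__":
    for name, conds in (("loose", LOOSE), ("strict", STRICT)):
        for ua, uri in ((MODERN, "/"), (IE8, "/"), (IE8, "/ga/upgrade/")):
            env = {"UA": ua, "URI": uri}
            print(f"{name:6} {uri:13} {ua[:24]:24} redirect={rule_fires(conds, env)}")
```

In the loose variant a current browser asking for `/` is sent to the upgrade page, and an old browser asking for `/ga/upgrade/` is redirected to it again in a loop. The `^/ga*` pattern also exempts any path beginning with `/g`, such as `/gallery`.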