Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
SSL: how to make Google happy while retaining compatibility?
#1
Hey everyone,

since Google thinks the web should be a SSL-only place and everyone seems to agree with whatever Google says (no matter how silly) I'm caught between a rock and hard place.

I do run Cornica.org as introduced here in the forums. It's target audience are users of retro computers. The page is deliberately using HTML 3.2  to keep it accessible for old-old machines. (I'm actually able to use it with my Macintosh IIci, 25 Mhz 68030 CPU from 1989. It's slow, but usable).

By forcing SSL on my page I will lock out my target audience. Their browsers can't handle modern SSL (if any at all).

I'm on the other hand reluctant to give up Google and modern web users as visitors just because I don't slap SSL onto a static HTML 3.2 page. Google / modern devices are usually the "first contact" channels and only afterwards people point their older machines' browsers to Cornica.

Granted, I could just enable SSL and have the users pick their preferences. However, a SEO-versed friend told me it's not good to have both as search engines will view it as duplicate content.

So I'm right now thinking of writing a plugin for our favorite CMS that would do the job of redirecting visitors based on their browser's capabilities. I'm not sure which is the best approach, so I'd appreciate any ideas / insights:

One way would be to have the entire page use SSL but using $_SERVER['HTTP_USER_AGENT'] to determine if a user's browser is capable of TLS 1.2 and if not, redirect him to a http version of the page.

Advantage: modern browsers don't flag my page as "unsafe" and the google bot will keep crawling my page
Disadvantage there's a lot of different user agents that I'd need to cover and it's highly unreliable since it is easy to spoof.

Any other insights / ideas on this?
Reply
#2
Hi Bolkonskij,

Solution 1: Detect if a Browser supports SNI

You can detect SNI support by loading a <script> from your destination SNI HTTPS server
and if the script loads and runs correctly, you know the browser supports SNI.

Get a complete list of user agents that do not support SNI from google

=======================================================

Solution 2: Make use of the .htaccess file

Code:
RewriteCond %{HTTP_USER_AGENT} Opera/[1-3] [OR]
RewriteCond %{HTTP_USER_AGENT} Safari/[1-4] [OR]
RewriteCond %{HTTP_USER_AGENT} Navigator/ [OR]
RewriteCond %{HTTP_USER_AGENT} MSIE [1-6]
RewriteRule .? your rewrite rule here [L]

=======================================================

Solution 3: Make use of PHP $_SERVER['HTTP_USER_AGENT']

Code:
<?php
$useragent=$_SERVER['HTTP_USER_AGENT'];
if(preg_match('/android|avantgo|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino/i',$useragent)||preg_match('/1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|e\-|e\/|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(di|rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|xda(\-|2|g)|yas\-|your|zeto|zte\-/i',substr($useragent,0,4)))
// insert php redirect code here
?>

+++++++++++++++++
Reply




Users browsing this thread: 1 Guest(s)