Nik Nik - 6 months ago 24
PHP Question

how can I track that my website is loaded on android device with help of jsoup?

how can I track that my website is loaded on android device with help of jsoup?
if it is going to load with help of jsoup I dont want to provide data to it.
I dont want that some one will load my websites data into android app.

Answer

It's fairly easy to fake the user agent using jsoup, or any other crawler. Here's an example:

doc = Jsoup.connect("https://www.yoursite.com/")
      .userAgent("Mozilla/5.0 (Windows; U; WindowsNT 5.1; en-US; rv1.8.1.6) Gecko/20070725 Firefox/2.0.0.6").get();

The default jsoup user agent will contain the requested domain (yoursite.com) and the java version (1.8.0_05), i.e.:

yoursite.com - Java version 1.8.0_05

Depending on the Android version, jsoup user agent may also look like:

Dalvik/1.4.0 (Linux; U; Android 2.3.5; HTC Desire HD A9191 Build/GRJ90)

My guess is that some versions of jsoup rely on:

System.getProperty( "http.agent" );

If you still want to use this technique to deny access to your site, you can try:

<?php
$userAgent = $_SERVER['HTTP_USER_AGENT'];
if (preg_match('/yoursite\.com[\s-]+Java.*?$/i', $userAgent)) {
    //Deny access
    die("Forbidden");
}

Notes:

  1. As I said previously, this technique is easily bypassed and you should consider using something different.
  2. You may want to check your http access logs to find which user agents are crawling your website, find a bad pattern and block it.