Hijacking HTTP headers starring Vodafone

2009 September 10
tags: , , , , ,
by Michael

Currently I’m working on a mobile website and I’m in the midst of some pain-in-the-arse compatibility issues on page rendering on multiple handsets. I ran across WURFL (Wireless Universal Resource FiLe) , a project which can help you detect a device and to retrieve its device specific properties. WURFL models the properties of wireless/mobile devices in a 13mb XML file.

Next to that there are a lot of APIs (TERA-WURFL PHP, WURFL-PHP, WURFL-Java, WURFL-.NET and WURFL-Perl). I’m using the TERA-WURFL PHP API since I’m also fond of the Smarty template engine. :-)

How it works
The WURFL-PHP API uses a mysql instance to store device specific properties. A caching mechanisms works on top of the mysql instance to enable lightning fast queries on the database.

By querying the device table (11,000+ rows) using $_SERVER['HTTP_USER_AGENT'], we can now retrieve our device screen width capability:



$width = $wurfl->getCapa('resolution_width'); // get width capability

All capabilities can be found at WURFL’s documentation: http://wurfl.sourceforge.net/help_doc.php.

Back to Vodafone:
Ok, so why does Vodafone suck?

Well, it is all about Vodafone’s reformatting proxy. A what? Yeah, a reformatting proxy. Vodafone uses reformatting proxies to reformat a page to display only the content of interest (ie. article text, article thumbnail, no layout). This comes in handy when a website doesn’t have a mobile design; think about reading Slashdot without a reformat. However, many websites have a mobile specific website nowadays, which leads to better user experience, since reformatted pages are mostly completely stripped down. The big problem in this case is that Vodafone’s reformatting proxy changes crucial HTTP headers..

  • A normal request from a mobile phone: 
    HTTP_USER_AGENT => Nokia6288/2.0 (05.92) Profile/MIDP-2.0 Configuration/CLDC-1.1
HTTP_X_WAP_PROFILE => "http://nds1.nds.nokia.com/uaprof/N6288r100.xml"
  • Vodaphone’s reformatting proxy’s request: 
    HTTP_USER_AGENT => = Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.7) Gecko/
Firefox/1.5.0.7 MG (Novarra-Vision/6.1)
HTTP_X_DEVICE_USER_AGENT => Nokia6288/2.0 (05.94) Profile/MIDP-2.0 Configuration/CLDC-1.1

The reformat proxy changed the HTTP_USER_AGENT header to a desktop browser version [sigh]. HTTP_X_DEVICE_USER_AGENT is a non-standard HTTP header. Hijacking HTTP headers is great sport, way to go Vodafone! Is this just as bad as claiming a color?

References:

from → Development, Rant, User Experience, Work

3 Comments leave one →
2009 September 14
Hijacking Http Headers Starring Vodafone | Michael Wolbert’s Blog

[...] The reformat proxy changed the HTTP_USER_AGENT header to a desktop browser version [sigh]. HTTP_X_DEVICE_USER_AGENT is a non-standard HTTP header. Hijacking HTTP headers is great sport, way to go Vodafone! …More [...]

Pingback
2009 November 24
Danny

We are currently trialling a front end service which uses Wurfl. Seems to work well so far. We have found 4 or 5 providers of such a service – “Handset Detection” seems to be the industy term…

The other issue when it comes to detection is the fact that a lot of people are now not using the native mobile browser – so often, it becomes harder to recognise their actual phone handset…

2009 November 24
Michael

Hi Danny,

Thanks for your reply.

Your right, nowadays many people use third-party browsers. IMHO it depends on the target audience; e.g. Slashdot’s audience will by far have a larger variety of third-party browsers over native browsers than a mobile site which renders sport-stats..

Eventually there will be the need of recognition (by manufacturers, carriers and third-party browsers) for a more universal approach. WURFL is on the right track on this one!

-Michael

Leave A Comment

Note: You can use basic XHTML in your comments. Your email address will never be published.