Blocking MSIE from your Site

Whatever your reason, if you'd like to bar Microsoft's Internet Explorer browsers from your site, here's how you can accomplish it. Note that this could be easily made to work with (or rather, against) any other browser you chose, or against service providers, operating systems, IP addresses containing the number '7,' etc.

The ethics of the situation, and the decision, are rather complicated. My own justification is that I'm angered by the degree to which Microsoft has abused, exploited and tried to control the Internet, and if people are going to come to my proverbial electronic front door with that browser, I'm going to make them click through me griping about it first. Users of the web might have a reasonable expectation of impartial, gracefully-degraded service, but not all that plus freedom from other people's grousing.

CGI Method

This approach assumes you have the ability to put CGIs on your site, and have the filenames properly MIME-parsed for display or execution. If your ISP or server environment doesn't provide that, there are a couple other things you can try.

  1. Determine what your server looks for as the index for a page. This is almost universally index.html. Frequently other extensions (e.g. .htm, .shtml, .phtml, etc) are provided for also. Your server admin can probably tell you this if you're not sure.
  2. Make sure your server can handle a CGI as a defined file type and execute it apropriately. If not, you may need one of the more devious approaches covered later. I'll assume for this purpose that you're creating index.cgi, and that it will be properly executed.
  3. Move your existing index page (index.html or whatever) to some new filename. I suggest avoiding any of the obvious, sensible choices here -- they're easy to guess. Here, I'm going to assume you chose 'piano.shtml' as your new "homepage" filename.
  4. Create your index.cgi; here's the perl code to put in it. This could be easily done in pretty much any language you liked. Don't use shell code.
    #!/usr/bin/perl -Tw
    if ($ENV{'HTTP_USER_AGENT'} &&
        $ENV{'HTTP_USER_AGENT'} =~ /MSIE|Internet Explorer/i) {
      print "Location:\n\n";
    } else {
      print "Location:\n\n";
  5. Adjust the bits to fit your site. The /usr/bin/perl part will vary quite a bit between systems, and the URLs should be edited to fit. You don't inherently need the fully qualified URL -- just /filename.html is probably adequate.
  6. Make it world-executable. On most unices, 'chmod +x index.cgi' will accomplish this.
  7. Create your 'reject' file -- the HTML file that MSIE users should see in place of your actual homepage. Here, that's ie_reject.shtml. My suggestion is that you be polite -- it's the browser you're rejecting (presumably), not the user, and the company (Microsoft) that you object to, not the person with the product. They may be extreme novices and not know anything about other browsers, or forced to use MSIE one way or another despite that they might prefer something else. If that doesn't apply, say whatever you bloody well please. Keep in mind also that you can put your email address on the reject page for people to send their comments, but if you do so you will also get a lot of derisive and grammatically dubious mail from IE users who were just given a pithy lecture about their choice of browsers.
  8. Adjust links on your site, if you so desire. You should never link to the default index page anyway -- if you want to link to an index.html in a given directory, use the name of the directory. As such, assuming you were linking to /index.shtml, change it to either / or /piano.shtml. If you use /, you'll be re-running the script every time, which is a bit more secure concerning IE users entering the site without going to /, but also a little harder on the server.
  9. Check it out, and fix any problems. A lot of diferent things can go wrong here, but the biggest one is that index.cgi isn't being executed, for whatever reason. If you need help, contact your sysadmin or whomever seems apropriate.

CGI method variants:

PHP Method

This works very well on web servers capable of using PHP scripting code. It has the added advantage that it doesn't require CGI execution or redirection, and can't be circumvented by knowing the URL for the "real" page. It's pretty simple, actually. Place this code at or near the top of your code, before any output has occurred.
   if (eregi("MSIE",getenv("HTTP_USER_AGENT")) ||
       eregi("Internet Explorer",getenv("HTTP_USER_AGENT"))) {

Update: this is known to work with PHP3 and beta versions of PHP4.

Miva Script Method

This was contributed by Eric Sechrist <newwave/atnewwave.primeline.\moc>. Haven't tried it myself, but the product page for it indicates that Miva is a server-side scripting language with a respectable supported platforms list.

Place this code at the top of your file, and adjust 'reject.txt' to whatever file you prefer (presumably including HTML):

<MvIF EXPR = "{ 'msie' CIN http_user_agent }">
<MvDO FILE = "reject.txt">

ColdFusion Method

This approach works with Macromedia's ColdFusion server-side application environment (formerly from Allaire). Contributed by Justin Felker.

<CFIF findNoCase("msie", cgi.http_user_agent)>
	<CFLOCATION url="ie_reject.html" addtoken="no">
	<CFLOCATION url="real_page.html" addtoken="no">

JSP Method

Also from Justin Felker: this approach works with Sun's Java Server Pages (JSP).

if (request.getHeader("User-Agent").toLowerCase().indexOf("msie") != -1)

SSI Method

This approach employs the flow control element capability in the wonderful Apache webserver, v1.2 and later. As of this writing, more than half the webservers on the net run Apache, including a large percentage of ISPs and hosting agencies. To find out if you can use this method, telnet to port 80 of the webserver and enter "HEAD / HTTP/1.0", then press enter twice; look through the resulting headers for the "Server:" header, which should contain the server name and version. Microsoft's IIS webserver may support some feature like this also, but chances are if you're running IIS you aren't likely to employ this whole procedure anyway. Documentation on Apache's mod_include SSI module can be found here.

As above, move your "real" entry page to another file (realhomepage.html assumed here), create your IE rejection file (reject.html assumed). You'll generally need to create your index file as index.shtml instead of .html; this may vary between webservers. Be sure that index.shtml is the only "index" file present, as many webservers will prefer .html and/or .htm files over .shtml in the selection order.

<!--#if expr="$HTTP_USER_AGENT = /MSIE/" -->
<!--#include virtual="reject.html" -->
<!--#elif expr="$HTTP_USER_AGENT = /Internet Explorer/" -->
<!--#include virtual="reject.html" -->
<!--#else -->
<!--#include virtual="realhomepage.html" -->
<!--#endif -->

This approach has the advantage of working on a large portion of webservers; however, it does not prevent loading the "real" page via MSIE via some other path (search engine referral, etc).

JavaScript Method

This is a good fallback if you aren't able to use any server-executed code. It has the benefit of being fairly difficult to defeat, since it works on the browser's appName property, which is usually hardcoded into the browser and is difficult to change. The disadvantages are that, first, it will annoy users of browsers that don't use javascript; second, it will permit entry by MSIE users when they have JavaScript disabled. The <meta> redirect will attempt to cope with browsers that don't support or aren't configured to use JS.

  1. Move your index.html file to another filename as above.
  2. Place the following in a new index.html file:
            <meta http-equiv="refresh" content="1; 
    <script language="javascript">
    if (navigator.appName == "Microsoft Internet Explorer") {
            document.location = ""; 
    } else { 
            document.location = "";
    // -->
  3. Adjust the URLs accordingly.

Devin Carraway <ieblock(at)devin(dot)com>

Notes from the future:
This page, and the single page on which I've actually used the tactic, have attracted a startling quantity of derogatory email, and would likely accrue a great deal more if my email address actually appeared on the rejection page. While this does not change my position on MSIE or the blocking thereof, it has suggested a need for a few explanatory notes, for what good it may do.
I'm not sure how this happened, but this page has tended to wind up very high on search engine results lists for searches like "internet explorer" and "browser." If you ran such search intending to download IE and wound up here, this is not it; if you read the above, you'll note the lack of a link to it.