Radio Userland Access Control

Radio Userland doesn't offer access control at the present time, so your weblog's open to the public from the moment you set it up.

Using Javascript and a custom User-Agent string on my browser, I devised a workaround that let me view my weblog but sent other people somewhere else. It uses Windows and Internet Explorer 6, but the technique can be adapted to any browser where you can set the User-Agent string. It only keeps out people who have Javascript turned on in their browser (more than 90 percent of all web users, by my guess).

Step 1: Change Your User-Agent String

First, modify the User-Agent string in Internet Explorer. The User-Agent string is sent to a server when you request a page, and it identifies your browser, browser version, and often other things about your system.

Here's my current User-Agent string for Internet Explorer 6 on Windows XP:

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461; .NET CLR 1.0.3705)

You can see your browser's User-Agent string on this IP Delivery browser variable page.

The User-Agent string contains several tokens in parenthesis separated by semi-colons. You can add a token of your own by adding an item to the Windows Registry. (Standard disclaimer: Be careful when editing your registry. It's a great way to hose your system if you're not sure what you are doing.)

Run the Registry Editor and open the folder My Computer, HKEY_LOCAL_MACHINE, SOFTWARE, Microsoft, Windows, CurrentVersion, InternetSettings, User Agent, Post Platform.

Add a new item: Choose Edit, New, String Value. An item will appear in the Post Platform folder with the type REG_SZ and the name New Value #1. Give it a new name that isn't likely to appear in someone's User-Agent string -- Foobar, Swordfish, Heffalump, Woozle, or the like.

Exit the Registry, shut down Internet Explorer, and open it back up. Your User-Agent will have the new token in it. When I added Swordfish to mine, it became this:

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461; Swordfish; .NET CLR 1.0.3705)

Step 2: Add a Script to Your Weblog

After you have modified your User-Agent string, add a script to the HTML templates of your weblog to look at that string and send people to a different page if their User-Agent doesn't contain the token.

If you know how to change your templates and republish the weblog, add a script like this to the top of each page that should not be open to the public, right after the <body> tag:

<SCRIPT>
<!--
if (navigator.appVersion != "4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461; Swordfish; .NET CLR 1.0.3705)" {
   top.location="http://radio.userland.com/";
}
//-->
</SCRIPT>

This script requires two changes:

First, modify the text in the if statement so that it includes everything in your User-Agent after the first "/" character.

Next, set the variable top.location to the URL where people should be sent if they don't have the right User-Agent string. I sent people to the Radio Userland home page.

Save the template and republish the pages in your weblog that use the template.

This technique keeps most people out and discourages anyone from linking to your weblog while it's under development. Because it's easily circumvented by turning off Javascript, it isn't a substitute for normal access control.