Forum Discussion
Blue_whale
Cirrocumulus
CirrocumulusHow to block specific User-Agent in ASM Policy
Hi Experts , We are getting many requests from specific IP with the User Agent libcurl .We would like to block this user agent containing curl . Could you please help to configure the rule in the ex...
HarunTuna
Cirrus
CirrusHi, you can do this in two ways.
One, any signature can be defined, like I described below...
- Define a Custom Signature:
- Go to Security > Application Security > Policy Building > Request Signatures.
- Click Create to add a new custom signature.
- Create a User-Agent Blocking Signature:
- Name: Provide a meaningful name like Block_libcurl_UserAgent.
- Description: Add a description for documentation purposes.
- Attack Type: Select or create an appropriate attack type (e.g., Abuse or Bot Traffic).
- Signature:
- Rule Content: Specify the signature rule to detect the libcurl user-agent.
- Example rule --> makefileUser-Agent:.curl.
- Example rule --> makefileUser-Agent:.curl.
- Rule Content: Specify the signature rule to detect the libcurl user-agent.
- Save the custom signature.
- Enable the Custom Signature in the ASM Policy:
- Go to Security > Application Security > Policy > Policy List.
- Select your policy and ensure that the new custom signature is included and active.
- Verify and Apply Policy:
- Save and apply the updated policy.
- Test the policy by simulating requests with curl to ensure they are being blocked.
Or, using irule...
I hope this help you.
HT
Blue_whaleCirrocumulus
CirrocumulusHi HarunTuna ,
Thanks for the detailed info ..I would like to apply these policy/rule to only to the path /bluewhale/api/ProdSearch . It should not block any other url's or path which gets the connection with usersgent : curl .