Check User Agent Handler

Purpose

The Check User Agent Handler verifies that the HTTP User-Agent header sent by the browser is permitted, using a blacklist and a whitelist. You can use this to differentiate simple scripts from “real” browsers, for example. Requests from User Agents on the blacklist and requests from User Agents outside the whitelist are denied by vWAF with a configurable HTTP error code.

For more information regarding adding and editing Handlers, see Editing Handlers.

Severity

Events triggered by this handler are given the severity: low. (For details on severity levels, see Severity of Events Triggered by Handlers).

Recommendations for use

To simplify configuration, you can first carry out the basic settings in the Anti Spider Wizard. Typical, known User Agents are already preconfigured there, and you configure the Robots.txt Handler and the Required Header Field Handler in the same operation. Then edit the Check User Agent Handler for the specific path if required.

Attributes

Attribute Meaning

case sensitive

When enabled, the entries that you specify for invalid pattern and for valid pattern are case sensitive. Usually, this is not needed and only makes your regular expressions more complicated, so case sensitivity is not enabled by default.

invalid pattern

Blacklist: Requests from all User Agents specified here are denied by vWAF.

Regular Expressions can be used.

For details on priority and internal processing, see How Blacklists, Whitelists, and Graylists Are Processed.

valid pattern

Whitelist: Only the requests from the User Agents specified here are approved by vWAF. These can be restricted using a tightly defined invalid pattern.

Regular Expressions can be used.

For details on priority and internal processing, see How Blacklists, Whitelists, and Graylists Are Processed.

error code

HTTP error code that vWAF returns when denying a request.

usertext

Optional:

Here you can specify some text that vWAF adds to the log file entries created by this handler. You can use this, for example, to document why you've added the handler to your configuration, and how the handler is intended to behave.

enable logging

Disable this option if you do not want vWAF to create a log file entry when the handler is executed. This can be useful to keep log files smaller if the handler creates a large number of entries that you don't need.

When in detection mode, disabling logging de facto makes the handler ineffective. Disabling logging also prevents the actions of the handler from being taken into account for the Top-10 lists in Attack Analysis, and from being listed in Reports.

To decrease the size of the log files, also consider enabling reduced logging, which excludes all non-handler-related information from the log files (see Editing Applications).

For details regarding entries added to the log file by this handler, see the relevant section in Entries in Application-Specific Log Files.
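
The following is an added example, not vWAF code: a small offline model of the decision described under Purpose, useful for trying out an invalid pattern and a valid pattern against sample User-Agent strings before configuring the handler. The patterns, sample strings, the 403 error code, the unanchored regex search, and the order of the two checks are assumptions; vWAF's own regex dialect and processing order are covered in the documents referenced above.

```python
import re
from dataclasses import dataclass, field

@dataclass
class UserAgentCheck:
    """Offline model of the handler's attributes; not vWAF's own code."""
    invalid_patterns: list = field(default_factory=list)  # blacklist
    valid_patterns: list = field(default_factory=list)    # whitelist
    case_sensitive: bool = False  # the handler's default
    error_code: int = 403         # assumed value; configurable in vWAF

    def _matches(self, patterns, ua):
        flags = 0 if self.case_sensitive else re.IGNORECASE
        # Assumption: unanchored search, as with Python's re.search.
        return any(re.search(p, ua, flags) for p in patterns)

    def evaluate(self, headers):
        """Return (allowed, status, reason) for one request's headers."""
        # Header names are case-insensitive; a missing header becomes "".
        ua = next((v for k, v in headers.items()
                   if k.lower() == "user-agent"), "")
        # Assumed order: blacklist first. It only changes the reason text.
        if self._matches(self.invalid_patterns, ua):
            return (False, self.error_code, "blacklisted")
        # Assumption: an empty whitelist places no restriction.
        if self.valid_patterns and not self._matches(self.valid_patterns, ua):
            return (False, self.error_code, "not whitelisted")
        return (True, 200, "ok")

# Constructed sample patterns and User-Agent strings.
BLACKLIST = [r"\b(curl|wget|python-requests)\b", r"^$"]
WHITELIST = [r"^Mozilla/5\.0 \(.+\) .*(Firefox|Chrome|Safari)/\d+"]
SAMPLES = [
    "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
    "Python-Requests/2.31.0",
    "Mozilla/5.0 (compatible; ExampleBot/1.0)",
    "",
]

def run_samples(case_sensitive=False):
    check = UserAgentCheck(BLACKLIST, WHITELIST, case_sensitive)
    return [check.evaluate({"User-Agent": ua})[2] for ua in SAMPLES]

if __name__ == "__main__":
    for cs in (False, True):
        print("case sensitive =", cs, run_samples(cs))
```

With case sensitivity enabled, the lowercase blacklist entry no longer matches `Python-Requests/2.31.0`, and the request is denied only because it is outside the whitelist.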