John Tolmachoff
asked on
Sonicwall match object "blank"
Does anyone know is there a way to create a match object that equals "blank"?
Specifically, I want to create a match object for field "HTTP User Agent" with a value of "blank" which means if there is no data in the User-Agent field then it matches.
Specifically, I want to create a match object for field "HTTP User Agent" with a value of "blank" which means if there is no data in the User-Agent field then it matches.
ASKER
The intent is to identify incoming traffic that does NOT have a user agent data set. We are seeing a very large continuous number of hits that are "scrapping" our website for data. What we are seeing is so far over the 10 days now close to 350,000 hits from a range of IPs that are not listed in any bot network and are rotating the IPs so that they are falling under any sensible count to trigger an block. So far the list of IPs is over 250 and new ones are seen every day. The single most identifying thing is that there is no user agent data.
Apart from the lack of user agent, does the traffic appear to be vaild?
https://www.infoq.com/news/2020/03/chrome-phasing-user-agent/
I don't have a sonicwall to test on, but I wonder if matching on a character that will be in every user agent string as an allow, and then having a deny all would suffice?
For a character that is in every user agent, I would choose /
https://www.infoq.com/news/2020/03/chrome-phasing-user-agent/
I don't have a sonicwall to test on, but I wonder if matching on a character that will be in every user agent string as an allow, and then having a deny all would suffice?
For a character that is in every user agent, I would choose /
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
What are you trying to acheive by trying to match a blank user agent? Perhaps there is a different route to a similar result?