URLScan – rejecting the request depending on the User-Agent string

Article
06/12/2009

I just learned this now :-) You can now use the URLScan 3.1 with your own custom rules, and it would come handy in situations like rejecting a request based on the User-Agent string.

Below is a sample rule for the same:

[Options]

RuleList=DenyUserAgent

[DenyUserAgent]

DenyDataSection=Agent Strings

ScanHeaders=User-Agent

[Agent Strings]

My Custom User-Agent String

Useful links

     https://learn.iis.net/page.aspx/476/common-urlscan-scenarios/

     https://blogs.iis.net/nazim/archive/2008/06/30/urlscan-v3-0-filtering-based-on-request-entity.aspx

     https://learn.iis.net/page.aspx/473/using-urlscan?info=EXLINK

Hope this helps!

URLScan – rejecting the request depending on the User-Agent string

Additional resources