Fake User Agents
Hi, is there any way to detect and block (bounce) fake User Agents? By "fake" I mean impossible combinations of browser name/engine/version, OS name/version (e.g. "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1; Trident/3.1)"). Thanks.
5 Replies
Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please use run the command
/resolve or press the green resolve button below.Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️
you will need to write a scenario for that, take a look on how the - https://app.crowdsec.net/hub/author/crowdsecurity/scenarios/http-bad-user-agent - works and use this as a base for your scenario
Collections, AppSec Rules & Configurations | CrowdSec Hub
Manage collections, configurations, remediation components, and AppSec rules with CrowdSec Hub. Streamline security with tools and integrations for enhanced protection.
Thanks for the reply. Is there any regex list available for matching the fake User Agents (impossible OS - browser version combinations)?
Just cause I know a little but am confused, what makes this UA impossible combination. AFAIK this is primarily used by bots but is not impossible?
edit: asked mr gpt, and now I understand why
don't think so ( tried to google something ). maybe create a list of the valid user agents and match which are not on the list?