Block empty user agent with URLScan

I'm able to block a specific user agent, but I'd like to block all requests with an empty user agent using URLscan v3.1.

Does anyone know how to do this?


There isn't a way to configure this using URLScan, but it can be done with a custom ISAPI filter on your IIS server. Here it is in C++:

#include <windows.h>
#include <httpfilt.h>

DWORD WINAPI HttpFilterProc(HTTP_FILTER_CONTEXT *pfc, DWORD NotificationType, VOID *pvData)
{
    switch (NotificationType) {
      case SF_NOTIFY_PREPROC_HEADERS: {
        HTTP_FILTER_PREPROC_HEADERS *p = (HTTP_FILTER_PREPROC_HEADERS *)pvData;
        char buffer[256] = "";            // stays empty if the header is absent
        DWORD buffSize = sizeof(buffer);
        BOOL bHeader = p->GetHeader(pfc, "User-Agent:", buffer, &buffSize);
        // GetHeader fails with ERROR_INSUFFICIENT_BUFFER when the value does not fit,
        // which means the header is present and therefore not blank.
        bool tooLong = !bHeader && GetLastError() == ERROR_INSUFFICIENT_BUFFER;
        if (!tooLong && buffer[0] == '\0') { // reject blank user agents
          p->SetHeader(pfc, "url", "/rejected-blank-user-agent");
        }
        return SF_STATUS_REQ_HANDLED_NOTIFICATION;
      }
    }
    return SF_STATUS_REQ_NEXT_NOTIFICATION;
}

I have an example that blocks a specific user agent, such as a spider. Here it is:

RuleList=DenyUserAgent   (in the options section)

(place at the end)
[DenyUserAgent]
DenyDataSection=Agent Strings
ScanHeaders=User-Agent

[Agent Strings]
YisouSpider

Maybe the wording in the ini file could give an explanation.

UrlScan supports custom rules that can be applied in addition to the other checks and options specified in this configuration file. Rules should be listed in a comma separated string in the RuleList property. Each rule in the list corresponds to two sections in this configuration file, one containing the options for the rule, and one containing deny strings for the rule.
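A check for the two-sections-per-rule layout quoted above, as an added example that is not part of either answer or of URLScan itself: it reads an ini text and reports every rule in RuleList whose options section or deny-string section is missing or empty. The `DenyReferer` rule, the sample text and the case-insensitive section matching are assumptions made for illustration.

```python
import configparser

# Constructed sample in the layout the answer shows. The second rule,
# DenyReferer, is hypothetical and deliberately lacks its deny-string section.
SAMPLE_INI = """\
[Options]
RuleList=DenyUserAgent,DenyReferer

[DenyUserAgent]
DenyDataSection=Agent Strings
ScanHeaders=User-Agent

[Agent Strings]
YisouSpider

[DenyReferer]
DenyDataSection=Referer Strings
ScanHeaders=Referer
"""

def check_rules(ini_text):
    """Return a list of wiring problems for the rules named in RuleList."""
    # allow_no_value lets bare deny strings parse as keys without values.
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   delimiters=("=",), interpolation=None)
    cp.read_string(ini_text)
    # Section names are matched case-insensitively here (assumption).
    sections = {name.lower(): name for name in cp.sections()}
    options = sections.get("options")
    rule_list = (cp.get(options, "RuleList", fallback="") or "") if options else ""
    problems = []
    for rule in (r.strip() for r in rule_list.split(",")):
        if not rule:
            continue
        rule_sec = sections.get(rule.lower())
        if rule_sec is None:
            problems.append(f"{rule}: missing [{rule}] options section")
            continue
        data = cp.get(rule_sec, "DenyDataSection", fallback=None)
        data_sec = sections.get(data.lower()) if data else None
        if not data:
            problems.append(f"{rule}: DenyDataSection is not set")
        elif data_sec is None:
            problems.append(f"{rule}: deny-string section [{data}] not found")
        elif not cp.options(data_sec):
            problems.append(f"{rule}: [{data}] contains no deny strings")
    return problems

if __name__ == "__main__":
    for problem in check_rules(SAMPLE_INI):
        print(problem)
```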
