Cisco CSS - Deny traffic based on User-Agent header

Within this article we will show you how to deny traffic based on the HTTP User-Agent header.

This is achieved by configuring a header-field-group. Within this group we define a header string rule that matches any header that does not contain a defined string. This group is then associated to a content rule.

header-field-group deny-agent
  header-field ua1 user-agent not-contain "spider"

content VIP-
  protocol tcp
  vip address
  port 80
  url "/*"
  header-field-rule deny-agent
  add service server1
  add service server2

Additional Reference


About the Author


R Donato

Rick Donato is the Founder and Chief Editor of He currently works as an SDN/NFV Solutions Architect and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001