fir3net
PPS-Firenetbanner-780.5x190-30-03-17

Cisco CSS - Deny traffic based on User-Agent header

Within this article we will show you how to deny traffic based on the HTTP User-Agent header.

This is achieved by configuring a header-field-group. Within this group we define a header string rule that matches any header that does not contain a defined string. This group is then associated to a content rule.

header-field-group deny-agent
  header-field ua1 user-agent not-contain "spider"

content VIP-88.88.88.88
  protocol tcp
  vip address 88.88.88.88
  port 80
  url "/*"
  header-field-rule deny-agent
  add service server1
  add service server2

Additional Reference

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11000series/v5.00/configuration/advanced/guide/HTTPHead.html

 

About the Author

RDonato

R Donato

Ricky Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Ricky on Twitter @f3lix001