Cisco CSS – Deny traffic based on User-Agent header

Within this article we will show you how to deny traffic based on the HTTP User-Agent header.

This is achieved by configuring a header-field-group. Within this group we define a header string rule that matches any header that does not contain a defined string. This group is then associated to a content rule.

header-field-group deny-agent
header-field ua1 user-agent not-contain “spider”

content VIP-
protocol tcp
vip address
port 80
url “/*”
header-field-rule deny-agent
add service server1
add service server2


Rick Donato

Want to become a networking expert?

Here is our hand-picked selection of the best courses you can find online:
Cisco CCNA 200-301 Certification Gold Bootcamp
Complete Cyber Security Course – Network Security
Internet Security Deep Dive course
Python Pro Bootcamp
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial