Block IP based on User-Agent string

caldwell
Junior Member
Posts: 3
Joined: 18 Sep 2008, 20:58

Block IP based on User-Agent string

Post by caldwell »

I haven't found/seen a way to do this yet. It would be nice, for some annoying bots, to be able to block an IP based on the User-Agent string found in the packet.

Can this be done currently? If not, would it be easy to implement into the code or quite complex?

I'm thinking that if available, it could have a port # option, a destination IP option (if you want to limit checking to certain IP addresses), a "string" option.

For ease, it could be limited to only port 80 or 443 and only examine those types of packets. Just thinking that there may be a use for it with other ports such as SMTP transactions with known spammer client strings.
Sergio
Junior Member
Posts: 1712
Joined: 12 Dec 2006, 14:56

Re: Block IP based on User-Agent string

Post by Sergio »

You can use ModSecurity to do this.

Please read my site: http://www.puntapirata.com/ModSec-Rules.php

I made that rule that is used to block IPs checking on their User Agent.

Sergio
caldwell
Junior Member
Posts: 3
Joined: 18 Sep 2008, 20:58

Re: Block IP based on User-Agent string

Post by caldwell »

That's a good idea. I was hoping to be able to block the IPs at the SERVER level (iptables) rather than at the application level. Hence, the request that chirpy consider adding this as a feature. (hint, hint?)

What do you think?
Sergio
Junior Member
Posts: 1712
Joined: 12 Dec 2006, 14:56

Re: Block IP based on User-Agent string

Post by Sergio »

I think it is not possible for CSF to block by USER AGENTS because it will need a table to check which user agents to block; on the other hand, if you start to block by user agent, in no time you will have a very big list of blocked IPs and your iptables will not handle all those IPs.

Just my 2 cents.
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Re: Block IP based on User-Agent string

Post by chirpy »

As Sergio says, this is best done in ModSecurity. You can then allow lfd to pick up the triggered rule to block repeated attempts.
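As an added illustration of the approach chirpy describes (let ModSecurity deny the request at the application layer, then have a log watcher count the denials per client and push a temporary firewall block once a threshold is crossed), here is a small Python script. It is example code written for this thread, not code from the CSF/lfd project or from anyone posting here, and it does not reproduce lfd's real algorithm: the Apache error_log lines are constructed samples, the rule id 900001 and the hostnames are made up, and the threshold of 5 denials within 300 seconds and the one-hour block lifetime are values chosen for the example (lfd's own threshold is the LF_MODSEC setting in csf.conf). Blocks carry an expiry so the iptables table stays small, which addresses Sergio's concern about an ever-growing list.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the style of Apache error_log lines written by ModSecurity 2.x
# when a rule denies a request. Addresses, rule id, message and hostname are made up.
# 192.0.2.10 triggers 5 denials in 11 seconds, 198.51.100.7 only 2, and 203.0.113.5
# spreads 5 denials over 160 minutes. One plain Apache error and one ModSecurity
# "Warning." (not a denial) are included to show they are ignored.
SAMPLE_LOG = """\
[Tue Sep 23 09:00:00 2008] [error] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "badbot" at REQUEST_HEADERS:User-Agent. [id "900001"] [msg "Blocked User-Agent"] [hostname "www.example.com"] [uri "/"]
[Tue Sep 23 09:40:00 2008] [error] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "badbot" at REQUEST_HEADERS:User-Agent. [id "900001"] [msg "Blocked User-Agent"] [hostname "www.example.com"] [uri "/"]
[Tue Sep 23 10:00:01 2008] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "badbot" at REQUEST_HEADERS:User-Agent. [id "900001"] [msg "Blocked User-Agent"] [hostname "www.example.com"] [uri "/"]
[Tue Sep 23 10:00:03 2008] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "badbot" at REQUEST_HEADERS:User-Agent. [id "900001"] [msg "Blocked User-Agent"] [hostname "www.example.com"] [uri "/robots.txt"]
[Tue Sep 23 10:00:04 2008] [error] [client 198.51.100.7] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "badbot" at REQUEST_HEADERS:User-Agent. [id "900001"] [msg "Blocked User-Agent"] [hostname "www.example.com"] [uri "/"]
[Tue Sep 23 10:00:05 2008] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "badbot" at REQUEST_HEADERS:User-Agent. [id "900001"] [msg "Blocked User-Agent"] [hostname "www.example.com"] [uri "/index.php"]
[Tue Sep 23 10:00:06 2008] [error] [client 192.0.2.10] File does not exist: /var/www/html/favicon.ico
[Tue Sep 23 10:00:07 2008] [error] [client 192.0.2.10] ModSecurity: Warning. Pattern match "x" at ARGS:q. [id "900002"] [msg "Just a warning"] [hostname "www.example.com"] [uri "/search"]
[Tue Sep 23 10:00:09 2008] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "badbot" at REQUEST_HEADERS:User-Agent. [id "900001"] [msg "Blocked User-Agent"] [hostname "www.example.com"] [uri "/about"]
[Tue Sep 23 10:00:12 2008] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "badbot" at REQUEST_HEADERS:User-Agent. [id "900001"] [msg "Blocked User-Agent"] [hostname "www.example.com"] [uri "/contact"]
[Tue Sep 23 10:20:00 2008] [error] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "badbot" at REQUEST_HEADERS:User-Agent. [id "900001"] [msg "Blocked User-Agent"] [hostname "www.example.com"] [uri "/"]
[Tue Sep 23 10:40:00 2008] [error] [client 198.51.100.7] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "badbot" at REQUEST_HEADERS:User-Agent. [id "900001"] [msg "Blocked User-Agent"] [hostname "www.example.com"] [uri "/"]
[Tue Sep 23 11:00:00 2008] [error] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "badbot" at REQUEST_HEADERS:User-Agent. [id "900001"] [msg "Blocked User-Agent"] [hostname "www.example.com"] [uri "/"]
[Tue Sep 23 11:40:00 2008] [error] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "badbot" at REQUEST_HEADERS:User-Agent. [id "900001"] [msg "Blocked User-Agent"] [hostname "www.example.com"] [uri "/"]
"""

# Only lines where ModSecurity actually denied the request count; "Warning." lines
# and unrelated Apache errors do not match because "Access denied" is required.
DENIAL_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9.]+)\] '
    r'ModSecurity: Access denied with code (?P<code>\d+).*?\[id "(?P<rule>\d+)"\]'
)


def parse_denials(log_text):
    """Return a list of (timestamp, client_ip, rule_id) for each denial line."""
    denials = []
    for line in log_text.splitlines():
        m = DENIAL_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        denials.append((ts, m.group("ip"), m.group("rule")))
    return denials


def ips_to_block(denials, threshold=5, window_seconds=300):
    """Map each IP that produced at least `threshold` denials inside any
    `window_seconds`-long interval to the time the threshold was crossed.
    The sliding window keeps slow, occasional hits from ever being blocked."""
    window = timedelta(seconds=window_seconds)
    by_ip = defaultdict(list)
    for ts, ip, _rule in denials:
        by_ip[ip].append(ts)
    blocked = {}
    for ip, times in by_ip.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                blocked[ip] = times[i + threshold - 1]
                break
    return blocked


def block_commands(blocked, ttl_seconds=3600):
    """Render one temporary DROP rule per offending IP, with the time at which a
    watcher should remove it again so the firewall table does not grow unbounded."""
    cmds = []
    for ip, when in sorted(blocked.items()):
        expires = when + timedelta(seconds=ttl_seconds)
        cmds.append(f"iptables -I INPUT -s {ip} -j DROP  # remove at {expires:%Y-%m-%d %H:%M:%S}")
    return cmds


if __name__ == "__main__":
    denials = parse_denials(SAMPLE_LOG)
    print(f"{len(denials)} denials parsed")
    for cmd in block_commands(ips_to_block(denials)):
        print(cmd)
```

Running the script blocks only 192.0.2.10: the two hits from 198.51.100.7 stay under the threshold, and 203.0.113.5 reaches five denials but never five within one window, so a burst-tolerant threshold is what keeps the block list short. In practice the watcher would tail the live error_log and re-check the expiry times on a timer, much as lfd does.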