I have a firewall rule to block requests coming from some country, however we know that is it possible bypass it just using a vpn, proxy, etc…masking the client location. So, I wondering if it is possible block requests coming from a certain browser’s language, as another security layer. Is that possible? If so, could you please tell me where can I set it?
Yes, it is possible to block requests based on the language of the browser. The HTTP header “Accept-Language” can be used to identify the language of the browser making the request, and this information can be used by a firewall or web server to block requests from certain languages.
The exact steps to set this up will depend on the specific firewall or web server that you are using. Generally, you would need to configure your firewall or web server to inspect the “Accept-Language” header of incoming requests and block requests that originate from a language that you have identified as problematic.
For example, if you are using Apache as your web server, you could use the “mod_rewrite” module to inspect the “Accept-Language” header and block requests that originate from certain languages. Here is an example rule that would block requests from clients whose preferred language is set to “ja” (Japanese):
Blockquote
RewriteEngine on
RewriteCond %{HTTP:Accept-Language} ^ja [NC]
RewriteRule .* - [F]
Blockquote
This rule uses regular expressions to match the “Accept-Language” header and returns a “403 Forbidden” error response for any requests that match.
Keep in mind that blocking requests based on language can be problematic if your site or application legitimately serves users from multiple languages. You may want to consider using this as an additional layer of security rather than a primary means of blocking requests.
1 Like
You can modify the rule you have to check the specific header for contains.
3 Likes
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.