The web API service I used to log in to the Android app was attacked.
I queried the attacking user-agent:
Mozilla/5.0 (Linux; U; Android 8.1.0; zh-cn; BLA-AL00 Build/HUAWEIBLA-AL00) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/57.0.2987.132 MQQBrowser/8.9 Mobile Safari/537.36
I tried to block access by this user agent, but normal login requests were blocked at the same time.
May I ask if I set the wrong user agent or how should I prevent attacks on the web API service