I see a lot of bots on my website, and I can see pattern that all these bots have “Unknown browser”. But when I tried to find this option in firewall i didn’t see that. I can only block by User Agent, but this is not the case, because bots have user-agent headers. So, my question is simple, how to block bots which browser recognized as “unknown”?
Hi there,
You can block that traffic by creating a WAF rule like this:
(http.user_agent eq "")
Better yet, you can use super bot fight mode to block all non verified bots.
Please go to Security > Bots > Configure Super Bot Fight Mode, enable JS detections and set Definitely automated to Block or Challenge.
Take care.
After I enabled Challenge for bots, payments systems couldn’t operate with my website. How can I add IPs to allow list?
Exclude IP address(s):
(http.user_agent eq "" and not ip.src in {11.22.33.44 44.33.22.11})
Or if it’s a long list, you’d create that and point the ip.src to $list:
(http.user_agent eq "" and not ip.src in $testlist)