User Agent Blocking doesn't allow empty string

We have had some bad bots using an empty agent string. The firewall “User Agent Blocking” doesn’t allow an empty string. It would be nice to be able to block. I made a firewall rule to handle it, but I’d prefer all my agent blocking in the same area.

if you have WAF rule please enable rule 100001 to achieve this.

1 Like

When incoming requests match…
(http.user_agent eq “”)
Then Block

block-empty-user-agent

I suspect that’s what the OP ended up having to do:

Even the API won’t allow an empty string.

Yeah I’ve got the firewall rule to handle it. I see the CF 100001. For us we like to keep things in a known place because we manage hundreds of websites. So if someone wants to know if a user agent is being blocked they are trained to go to the User Agent Blocking area and we keep everything there. Yeah they can go hunt around and find a rule or CF rule, but it’s cleaner if we could have it with the rest of the blocked user agents.

1 Like