IIS Request Filtering Rule for User Agent
I'm trying to block requests from a certain bot. I've added a request filtering rule, but I know it is still hitting the site because it shows up in Google Analytics. Here is the filtering rule I added:
<security>
<requestFiltering>
<filteringRules>
<filteringRule name="Block GomezAgent" scanUrl="false" scanQueryString="false">
<scanHeaders>
<add requestHeader="User-Agent" />
</scanHeaders>
<denyStrings>
<add string="GomezAgent+3.0" />
</denyStrings>
</filteringRule>
</filteringRules>
</requestFiltering>
</security>
This is an example of the user agent I'm trying to block.
Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:13.0;+GomezAgent+3.0)+Gecko/20100101+Firefox/13.0.1
In some ways it seems to work. If I use Chrome to spoof my user agent, I get a 404, as expected. But the bot traffic is still showing up in my analytics. What am I missing?
Solution 1:
I assume you took the string:
Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:13.0;+GomezAgent+3.0)+Gecko/20100101+Firefox/13.0.1
from the IIS logs. In the logs space characters are represented as plus (+) characters.
The real User Agent string is:
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0; GomezAgent 3.0) Gecko/20100101 Firefox/13.0.1
so removing the + from your denyStrings section should fix it.