IIS Request Filtering Rule for User Agent

I'm trying to block requests from a certain bot. I've added a request filtering rule, but I know it is still hitting the site because it shows up in Google Analytics. Here is the filtering rule I added:

<security>
<requestFiltering>
    <filteringRules>
      <filteringRule name="Block GomezAgent" scanUrl="false" scanQueryString="false">
        <scanHeaders>
          <add requestHeader="User-Agent" />
        </scanHeaders>
        <denyStrings>
          <add string="GomezAgent+3.0" />
        </denyStrings>
      </filteringRule>
    </filteringRules>
  </requestFiltering>
</security>

This is an example of the user agent I'm trying to block.

Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:13.0;+GomezAgent+3.0)+Gecko/20100101+Firefox/13.0.1

In some ways it seems to work. If I use Chrome to spoof my user agent, I get a 404, as expected. But the bot traffic is still showing up in my analytics. What am I missing?


Solution 1:

I assume you took the string:

Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:13.0;+GomezAgent+3.0)+Gecko/20100101+Firefox/13.0.1

from the IIS logs. In the logs space characters are represented as plus (+) characters.

The real User Agent string is:

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0; GomezAgent 3.0) Gecko/20100101 Firefox/13.0.1

so removing the + from your denyStrings section should fix it.