IIS Request Filtering Rule for User Agent

Posted by alexp on Server Fault See other posts from Server Fault or by alexp
Published on 2013-10-24T15:54:43Z Indexed on 2013/10/24 15:56 UTC
Read the original article Hit count: 227

Filed under:
|
|

I'm trying to block requests from a certain bot. I've added a request filtering rule, but I know it is still hitting the site because it shows up in Google Analytics. Here is the filtering rule I added:

<security>
<requestFiltering>
    <filteringRules>
      <filteringRule name="Block GomezAgent" scanUrl="false" scanQueryString="false">
        <scanHeaders>
          <add requestHeader="User-Agent" />
        </scanHeaders>
        <denyStrings>
          <add string="GomezAgent+3.0" />
        </denyStrings>
      </filteringRule>
    </filteringRules>
  </requestFiltering>
</security>

This is an example of the user agent I'm trying to block.

Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:13.0;+GomezAgent+3.0)+Gecko/20100101+Firefox/13.0.1

In some ways it seems to work. If I use Chrome to spoof my user agent, I get a 404, as expected. But the bot traffic is still showing up in my analytics. What am I missing?

© Server Fault or respective owner

Related posts about iis7.5

Related posts about bots