IIS Request Filtering Rule for User Agent
- by alexp
I'm trying to block requests from a certain bot. I've added a request filtering rule, but I know it is still hitting the site because it shows up in Google Analytics. Here is the filtering rule I added:
<security>
<requestFiltering>
<filteringRules>
<filteringRule name="Block GomezAgent" scanUrl="false" scanQueryString="false">
<scanHeaders>
<add requestHeader="User-Agent" />
</scanHeaders>
<denyStrings>
<add string="GomezAgent+3.0" />
</denyStrings>
</filteringRule>
</filteringRules>
</requestFiltering>
</security>
This is an example of the user agent I'm trying to block.
Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:13.0;+GomezAgent+3.0)+Gecko/20100101+Firefox/13.0.1
In some ways it seems to work. If I use Chrome to spoof my user agent, I get a 404, as expected. But the bot traffic is still showing up in my analytics. What am I missing?