Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : iptables - block empty user agents

[SysTeam]

How to block requests with empty user agents using iptables firewall?

[nomankhn]

Quote:

Originally Posted by SysTeam

How to block requests with empty user agents using iptables firewall?

iptables is not use for that purpose, use modsecurity or block via apache,

here is example to block via apache with modrewrite.


<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} [regex to match user agent]
RewriteRule ^/.* - [F]
</IfModule>

Just keep in mind that user agents can always be spoofed, so there's nothing keeping the "attacker" from pretending to be Googlebot, Firefox, MSIE, or any other browser or "good" bot. For that matter, blocking by IP only works so long as the "attacker" is using the same IP; if an attack comes from a botnet with thousands of zombie hosts, there's not a lot you can do about that.

[SysTeam]

I successfully block DDoS attack (10000+ bots) using only user agent filters in iptables. Now, my webserver (nginx) still handle requests from bots (without user agents). Nginx block this requests, but would be much more effective to block using iptables.

[khunj]

Quote:

Originally Posted by SysTeam

How to block requests with empty user agents using iptables firewall?

You can't because if there's none, there's nothing to do; iptables won't find it.
You can use mod_Security as mentionned above.

[nomankhn]

Quote:

Originally Posted by SysTeam

I successfully block DDoS attack (10000+ bots) using only user agent filters in iptables.

Please describe bit more.