1

I have a server behind a Watchguard XTM firewall and want to block incoming RESTClients who has certain user-agents in their request headers. I have implemented several rules to do this:

List image(http://s14.postimg.org/6y9lsq2ep/2015_02_18_13_15_01_Edit_HTTP_Proxy_Action_Confi.png)

Here's one example of how I implemented them:

Regex implementationhttp://s27.postimg.org/wnzy8g1s3/2015_02_18_13_15_53_Edit_Header_Fields_Rule.png

For practice, I would like to use the following regex to block incoming request headers with User-Agents like:

binlar|casper|checkprivacy|cmsworldmap|comodo|curious|diavol|doco

But none of my rules has any actions when I test them.

Any ideas?

BE77Y
  • 2,667
  • 3
  • 18
  • 23
OHMR
  • 133
  • 4

1 Answers1

2

This does not look like proper regular expression syntax. Try it like this:

User-Agent:.*(binlar|casper|checkprivacy|cmsworldmap|comodo|curious|diavol|doco).*

That should match all User Agents that have one of those strings in them.

Erik S
  • 136
  • 4