I'm using the ModSecurity WAF with Apache. I wanted to know if there's a way I can restrict access to only a few browser user agent types. I want to do this for two reasons:

  1. Force the users to use an updated browser.
  2. Deny reconnaissance, since most bots on the internet use a user agent that doesn't reflect a browser, or one that carries an outdated browser identifier.

Hence, for example, I want to block Chrome 69 and below. Is there a way that I can use ModSecurity (including the CRS ruleset) to block anything but the following:

AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36 

I have removed the OS part to ensure any OS can work.

Parth Maniar
    I think this is a better suited question for ServerFault. It's a configuration issue, not a security one. – ThoriumBR Dec 25 '18 at 22:35
  • 1
    Please don't unless you have *captive* users - for example in a corporate network. Sending an alert for an old browser can be acceptable, but rejecting unknown ones will give a very bad experience for some users. – Serge Ballesta Dec 26 '18 at 14:17
  • @SergeBallesta thank you for that. This is for my family so I'm covered. :) – Parth Maniar Dec 26 '18 at 14:19

1 Answer

You can do this with a SecRule directive on REQUEST_HEADERS:User-Agent in mod_security. You will probably need to use a blacklist approach, as described in detail here.

Lucas Kauffman
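Added example, not part of the answer above: since the question asks to block everything except a Chrome 70+ user agent, the natural shape is an allow-list (deny whatever does not match) rather than the blacklist the answer mentions. The rules below are for ModSecurity 2.x on Apache; the rule IDs (10001, 10002), the tag name and the file placement are my assumptions, and the regex encodes the version threshold from the question (major version 70 or higher, with the OS part of the User-Agent left unconstrained, as the question does).

```apache
# Added example (not from the original answer): allow-list User-Agents with ModSecurity 2.x on Apache.
# Assumptions: IDs 10001-10002 are unused in your local range (1-99,999 is reserved for local
# rules), this file is Include'd after modsecurity.conf and the CRS setup, and SecRuleEngine is
# On (with DetectionOnly the "deny" action only logs).

# Constructed sample User-Agent that must be allowed (the OS part varies and is not checked):
#   Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36

# 1. Requests with no User-Agent header at all: block outright (&VAR counts header occurrences).
SecRule &REQUEST_HEADERS:User-Agent "@eq 0" \
    "id:10001,\
    phase:1,\
    deny,\
    status:403,\
    log,\
    msg:'Blocked: request without a User-Agent header',\
    tag:'local/ua-allowlist'"

# 2. Deny any User-Agent that is NOT a Chrome build with major version 70 or higher.
#    Major 70-99  => 7[0-9]|[89][0-9]
#    Major 100+   => [1-9][0-9]{2,}
#    Chrome 110+ reports Chrome/<major>.0.0.0, which the [0-9]+ groups still accept.
#    The leading "!" negates the @rx match, so anything outside the allow-list is denied.
SecRule REQUEST_HEADERS:User-Agent \
    "!@rx AppleWebKit/537\.36 \(KHTML, like Gecko\) Chrome/(7[0-9]|[89][0-9]|[1-9][0-9]{2,})\.[0-9]+\.[0-9]+\.[0-9]+ Safari/537\.36$" \
    "id:10002,\
    phase:1,\
    deny,\
    status:403,\
    log,\
    msg:'Blocked: User-Agent not on the allowed browser list: %{MATCHED_VAR}',\
    tag:'local/ua-allowlist'"
```

To verify the policy, send a request with `curl -A '<user agent>'` once with the sample string above (expect a 200) and once with `Chrome/69.0.3497.100` or an empty `-A ''` (expect a 403 and an entry in the ModSecurity audit log). Two caveats a practitioner should keep in mind: the User-Agent header is fully attacker-controlled, so this raises the bar only for scanners that do not bother to spoof a browser, and other Chromium-based browsers (Edge, Opera, Brave, Electron apps, headless Chrome) also send a `Chrome/<version>` token and will pass this allow-list.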