Forum Discussion
iRule
Cirrus
I need to block requests containing user agent Test Certificate Info
While creating custom attack signature which option will work better from the attached snapshot.
Ivan_Chernenkii
Jul 07, 2020Employee
I think it would be better to create appropriate Bot Signature (related to Bot Profile) and not Attack Signature (related to ASM policy), because in Bot Signature we have rule like "User Agent Contains ..."
In case of Attack Signature - IMO, "Header" matched element is preferred, but also you can make it more detailed by using regex or string with "Request Content" matched element, like "User-Agent: *Test Certificate Info*" or "User-Agent: Test Certificate Info"
Thanks, Ivan