Technical Tip: How to block 'http_agent="ZmEu"'

FortiAppSec Cloud can be used to block the traffic coming from 'http_agent="ZmEu"'. For that Custom Rule can be created.

To create a Custom Rule for blocking 'http_agent="ZmEu"'.

1.  Open the application in which ZmEu needs to be blocked.
2. On the left Pan, go to Advanced Application -> Custom Rule.

3. Create a Rule, by Defining the name and Operation as either Alert/Deny or Period Block.
4. After the rule is made, it is necessary to add Filter, so below the rule select Add Filter ->  Filter-type: HTTP Header -> Header Name: User-Agent.
5. Inside the Value Pattern, fill the RegEx code as ^ZmEu (this can be modified based on the http_agent in the traffic logs) and select Save Filter.

Note:

If the issue is not resolved, reach out to the support helpline with the required config and logs. The Regex code used above might need to be modified based on the requirement.