Help
FortiAppSec Cloud
FortiAppSec Cloud delivers unified application security and performance with WAF, bot protection, GSLB, DDoS mitigation, threat analytics, and CDN.
gsharma
Staff
Staff

Created on ‎01-14-2025 10:33 PM Edited on ‎01-14-2025 10:34 PM By Community Manager

Article Id 368856

Technical Tip: How to block 'http_agent="ZmEu"'

Description This article describes how to block 'http_agent="ZmEu"' on FortiAppSec Cloud.
Scope FortiAppSec Cloud.
Solution

FortiAppSec Cloud can be used to block the traffic coming from 'http_agent="ZmEu"'. For that Custom Rule can be created.

 

To create a Custom Rule for blocking 'http_agent="ZmEu"'.

  1.  Open the application in which ZmEu needs to be blocked.
  2. On the left Pan, go to Advanced Application -> Custom Rule.


snip1.JPG

 

  1. Create a Rule, by Defining the name and Operation as either Alert/Deny or Period Block.
  2. After the rule is made, it is necessary to add Filter, so below the rule select Add Filter ->  Filter-type: HTTP Header -> Header Name: User-Agent.
  3. Inside the Value Pattern, fill the RegEx code as ^ZmEu (this can be modified based on the http_agent in the traffic logs) and select Save Filter.


snip2.JPG

Note:

If the issue is not resolved, reach out to the support helpline with the required config and logs. The Regex code used above might need to be modified based on the requirement. 
34
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.