FortiAppSec Cloud
FortiAppSec Cloud delivers unified application security and performance with WAF, bot protection, GSLB, DDoS mitigation, threat analytics, and CDN.
gsharma
Staff
Staff
Article Id 368856
Description This article describes how to block 'http_agent="ZmEu"' on FortiAppSec Cloud.
Scope FortiAppSec Cloud.
Solution

FortiAppSec Cloud can be used to block the traffic coming from 'http_agent="ZmEu"'. For that Custom Rule can be created.

 

To create a Custom Rule for blocking 'http_agent="ZmEu"'.

  1.  Open the application in which ZmEu needs to be blocked.
  2. On the left Pan, go to Advanced Application -> Custom Rule.


snip1.JPG

 

  1. Create a Rule, by Defining the name and Operation as either Alert/Deny or Period Block.
  2. After the rule is made, it is necessary to add Filter, so below the rule select Add Filter ->  Filter-type: HTTP Header -> Header Name: User-Agent.
  3. Inside the Value Pattern, fill the RegEx code as ^ZmEu (this can be modified based on the http_agent in the traffic logs) and select Save Filter.


snip2.JPG

Note:

If the issue is not resolved, reach out to the support helpline with the required config and logs. The Regex code used above might need to be modified based on the requirement. 

Contributors